Every Application Fails in Unique but Predictable Ways: A Study in Zoom (rethinksecurity.io)
23 points by joebasirico 2248 days ago
1 comments

The main lesson to be learned from Zoom is that you can be known for shipping insecure products and there will be absolutely no repercussions in the marketplace. Any startup CEO who invests in security is failing at their job.
It probably also helps if you're already at the top and have a product people generally like and prefer to the competition. Something like this could possibly kill a company before they get off the ground. But once they're established and everywhere, it takes a whole lot for users to care enough to stop using something they otherwise don't have strong issues with.

It also helps if there's a tangible issue that end users actually see or feel. Zoombombing is an example, but it's easily prevented (unless there's an internal collaborator on the call intentionally leaking the meeting ID and password), and they can do various things to address that.

Other examples would be some sort of worm infecting computers through the Zoom client, or direct evidence that any stranger could've been or was spying on their calls undetected (rather than the more abstract China routing and E2E issues).

"you can be known for shipping insecure products and there will be absolutely no repercussions in the marketplace" AND you can deliver a product that surpasses all else in the market. Usability trumps security for consumer-grade applications.
The main lesson to be learned is you need to have a good PR department.