
Mistakes are fine, and expected as someone is learning, but when you put something out there that has severe security problems, that's... a problem.

I don't have a good solution to that. Certainly a lot of the frameworks out there have security bolted on as an afterthought, or, at best, just don't make it easy to build things that are secure by default.

But ultimately it comes down to the author of the code to take responsibility for the security of the code they throw out there and promote as something people should use. And that's the crux of it: I want people to experiment and learn, but there needs to be a way to keep those sorts of people from building (or perhaps just distributing or promoting) things that (unintentionally) harm others, at least until they're knowledgeable enough to avoid doing that.



It is surprisingly hard to find good advice on how to code securely beyond absolute basic advice. And a lot of it is even bundled in things that are good engineering/process (use a linter, code review), but lead to security only indirectly. Code review won't make code more secure if the reviewer does not know what to look for when doing said review.

The way it works is that the general advice I have seen many times is "don't do it". Finding how to code securely or a comprehensive list of insecure patterns is much harder. So, people inclined not to follow advice and the ones with huge egos are the ones attempting to create security-related software.

I am not saying that I have an instant solution, but a strategy of discouraging people from trying does not work well. Promoting good beginner-level write-ups would work better.

----------

Nevertheless, the original topic was Arduino and doing circuits while being unable to read a schematic. That is seen as a problem, because they did not learn theory before doing 5V dummy circuits.

And I think it is as good a start for learning or getting interest as any.


"Finding how to code securely or comprehensive list of insecure patterns is much harder."

The problem is not only secure coding; actually, I'd argue that it's not even the biggest concern. You can produce the most secure code in the whole world, but that won't matter if your device has an unprotected or easily brute-forced telnet access by default. Loose default security settings and permissive access are the key concern imho.


If you want to learn how to secure software then learn how to hack. It will give you an insight into the tools and techniques used to breach systems and especially give you an insight on how many attack vectors there are.

Kali Linux and the tutorials for that are the Arduino of hacking.



