I think it's often a result of Occam's razor being mixed up with Hanlon's razor, or something similar: they claim that an argument for accident, forces of nature, or incompetence is more convincing than an argument for malice or willful intent, and that the former requires fewer assumptions than the latter.
I think this is often true, but definitely not always.
Or it comes down to the fact that Occam's Razor is just a cheap rhetorical device that's employed to lend a luster of legitimacy to what is otherwise just a subjective intuition. Fully comprehending how many assumptions are involved in a given line of reasoning probably takes a lot more time and thought than some guy on the internet is devoting to his HN comment.
I think this is because "simpler" is so subjective. Witness the Occam's Razor argument for theism - what's more likely, all of this crazy complicated quantum physics mumbo jumbo, or 'a wizard did it'? The latter only requires one assumption... until you start asking pesky questions about what, exactly, was the 'it' that the wizard did, and how was 'it' managed.
Wouldn't that be worse security-wise? Say if there is an exploit in the wild. The customer upgrades it to the latest version. Now all the bad guy has to do is to mess around with the firmware enough to trick the system into downgrading to the exploitable version.
A car that has an app, a car that can be remotely updated, and a car that has all communication running through the same BUS may be susceptible to remote break-in without requiring any sort of physical access. Now the firmware may require signature verification to be patched, however in this case all we need is to corrupt the existing firmware or at least make it seem like we had access to it in order to trigger an auto-downgrade.
Regardless, even under your logic an auto-downgrade without a user's input is completely unwarranted.
Not enough evidence to say for sure, so Occam's razor applies.