Why are so many products being shipped with massive prompt injection vulnerabilities?

Imagine being the exec, getting to pick between two teams:

The first says all the cool features are possible.

The second says that some of the cool features can never be possible.

Why would you ever pick the second team?

Downside risk will be discovered the hard way, since the teams that know why it's there will be considered party poopers, and the naive teams will seem more chill.