I'll say! Actually I do. Devices that are targets for this kind of attack shouldn't be able to be remotely flashed with new software. It's convenient for the people who manage them, but so what, it's not their money to be putting at risk.
Barring doing the safest thing (not allowing remote flashing of code) they should at minimum have monitoring that alerts when code is added or changed.