Nintendo has never shown a technical ability to design secure systems. Going back as far as you want, they have engaged in security through hand waving. Pre-DS systems had effectively no security; cartridge cloning was possible, there was no code signing, it was a free for all. The DS has a litany of flaws - they validated the cartridge itself, not the actual code contained on the cart. That system would be defeated, but prior to that people would just modify the firmware (which, by the way, is not checked by the system on boot to ensure that it is authentic; no signature validation) to skip that check.
The 3DS is a security disaster, too many mistakes to even get into. The Wii U effectively has no security - public, unpatched WebKit flaws, you can download games from Nintendo's CDN, swap the license file for one from the disc version of the game and install that game on an otherwise unmodified system - no kernel patches, no custom firmware required, nothing. Get code exec and you have games that the system sees as legit.
No meaningful online security on either the 3DS or the Wii U. Nothing like what we had in 2002 with Xbox Live. Play pirated, modified games online without peril.
On the Wii U, you can even frame others for cheating, because they don't have what the original Xbox had - a unique per-console chunk of data that is used to uniquely identify the system for purposes of Xbox Live. Instead, Nintendo uses the serial number. Which the user can change to whatever they want.
The Switch is arguably worse than the modern examples - they learned nothing from the original Xbox. They went to Nvidia and asked for a chip. The entire system is commodity hardware that was never intended to be used in scenarios where security is important. And they are paying the price for it.
