Or we could just blame the hackers who attacked the end users.
I mean, of course I over-sold things in the OP, good security practices are always welcome, but it's not Gamefreak's fault that people inject malicious code into the game. That they could have done better in preventing this, because a bad Pokémon should seriously be weeded out serverside if anything, is another topic. The blame lies on the hacker. And that blame feeds back all the way to the initial exploit that made that hack possible.
If anything I want people to stop and think. Releasing exploits that allows for the execution of code allows for the execution of malicious code. That should be obvious. How bad it will get for the Switch is unknown, it's still early and the Switch OS itself is still safe. But that won't last. It never does. And that's when trouble arrives. People can run Linux and whatever all they want, but as soon as it affects the part that normal users interact with, there's going to be trouble.
I worry about Pokémon Switch now. Before the exploit was announced, I was sure to get it. Now... it's a maybe.
Or we could blame the actual responsible party, the one who made bad assumptions.
It is Gamefreak's fault that they did not design around the end user not necessarily being trust worthy. There is a reason every PC game on the planet doesn't have this problem; PC developers assume that attackers exist. Gamefreak fucked up.
There will be no real trouble, you just won't like it. The Switch doesn't have a 360 style integrity validation upon connecting to online services; people will cheat and pirate and you'll just have to live with it. If Nintendo makes secure hardware and Gamefreak makes software in a non-stupid fashion, everything would be fine.