The way I see it: Democratic states are institutions that enslave people in ways that the majority of people living there decided. If you think the same way as the majority then it doesn't feel like enslavement to you. Anyway, the state has complete physical domination over you.

Cyber-criminals, on the other hand do not have the power to exercise physical violence over you, they can only harm you in non-violent ways.

Practically speaking, you are more likely to be harmed by cyber-criminals than by your country's state, but if tomorrow there's a new law against certain political ideologies (not uncommon in third world countries), or against encryption, or against privacy and they happen to know that you're interested in those things, the consequences could include physical violence.

I agree with you philosophically with regards to democratic totalitarianism. But it's a moot point when we're talking about devices that are already vulnerable. The government is in the same position as any other Internet background radiation - if you want to keep them out, then just secure your shit.

There is a philosophical point to be made about one's right to willfully violate what are considered best practices (eg toad.com), but we're not debating penalties for running "insecure" devices. The sheer majority of vulnerabilities they find are going to be due to straight cluelessness.