That's not true. In industries like medical and aerospace engineers have more power than they think. I've been there and done that. Safety is relevant still so you can't throw you hands up and do nothing. They don't have the same mentality as FANG companies, safety, redundancy, and being vigilant is part of the job. However, things will happen if everyone isn't vigilent. There are lots of companies out there doing it the right way, don't throw them all under the bus with Boeing.
Not intending to throw Boeing under the bus at all and I do think engineers take security seriously.
But generally there is a R&D lead that makes the decision to implement it. There may be responsibility there, but the decision to design the plane this way was an economic one.
Some reported internal pressure to develop quickly. By now, that is probably standard in the industry where any software is involved. So apart from an engineering position that could nearly crash or delay such a project...
If the system reactivated wrongly, it is certainly a bug and I think they have already fixed that problem. But an error that is hard to identify and the system was basically just designed to conform to regulations defining flight characteristics to evade renewed certification and training.
Of course there are still valid design criticisms possible if you take security real serious.
