Because it's a strategic issue. The internet is critical infrastructure. While TP-Link might not have contracts with ISPs and datacenters, it doesn't take a lot of imagination to think what damage you could have with 30% of the home / small business routers under your control.
This could range from plausible deniability stuff (like the examples in the article), to targeted investigations / attacks (Bob who works at the Gov Accounting office for Miliary Spending), all the way to a 100-million unit botnet turning to provide a few days of distraction ("Bad hackers compromised our OTA system. Sorry!") on while a certain island is being eminant-domained.
Your food example is not the same. You can't trojan-horse an apple pie, or target an individual customer from the supplier-side (yet). If you decided to poison them, that's pulling the pin from the grenade right now.
This could range from plausible deniability stuff (like the examples in the article), to targeted investigations / attacks (Bob who works at the Gov Accounting office for Miliary Spending), all the way to a 100-million unit botnet turning to provide a few days of distraction ("Bad hackers compromised our OTA system. Sorry!") on while a certain island is being eminant-domained.
Your food example is not the same. You can't trojan-horse an apple pie, or target an individual customer from the supplier-side (yet). If you decided to poison them, that's pulling the pin from the grenade right now.