Researchers have demonstrated that it is relatively easy to take control of many embedded devices. I recently saw a presentation that showed a successful attack on the control computer of an automobile that was launched by inserting an infected disk into the CD player. The attack surface of many devices is growing rapidly because of market demands for increasing connectivity. Nobody should assume that their devices are unlikely to be targets of attacks. Hackers can be incredibly creative at finding ways to exploit vulnerabilities for their own ends.
Consequently it is becoming clear that all embedded developers must be aware of security risks and that they should program to avoid them. Fortunately there are lots of publicly-available resources to help programmers understand security vulnerabilities. For example, the CWE/SANS Top 25 lists the most notorious programming defects that can lead to exploitations.
After getting educated and adopting the appropriate tools, the most important thing that developers can do is to cultivate the correct mindset. They should assume that their software will be scrutinized for vulnerabilities by extremely talented and determined adversaries, and program accordingly. It is most critical to pay attention to the interfaces between systems as this is where most weaknesses lurk.