I'm not so worried about hackers gaining access to change radio stations, but writing to the CANBus is concerning.
It sounds like the weak point in this was the ability to rewrite the firmware of the V850 controller. If that could somehow signed then I'd feel safer.
Even changing radio stations could be very dangerous, especially if access is also granted to audio controls (which it is). Attackers could easily cause accidents by creating distractions like rapidly changing, loud radio stations.
Don't forget an FM radio signal itself is trivial to hack. I did this when I was a kid so that's not a new problem at all, and probably not a danger. If the driver is going to crash because of a sound on the radio, they probably aren't safe to be driving in the first place.
All you can do with an FM signal is override the audio. The volume is still limited to whatever the driver set, and they can always turn it off.
Turning the volume to maximum and preventing the driver from lowering it or turning off the sound would be much worse.
As for "probably aren't safe to be driving in the first place," that may be so, but I would estimate that about 80% of people on the road aren't really safe, and just muddle through by luck and generous margins. Causing unsafe drivers to crash when they otherwise wouldn't have is still bad.
In the security paper, they highlight that the entertainment system displays radio station images that are broadcast over the air (not sure if this was FM or satellite). So it's conceivable that an FM transmitter could broadcast a corrupt JPEG, causing a buffer overrun in some crappy image decoding software, and pwn your car...
It sounds like the weak point in this was the ability to rewrite the firmware of the V850 controller. If that could somehow signed then I'd feel safer.