Tesla takes their security pretty seriously. There were at DEF CON, both in the contest area and the front row of the talk where someone dumped their firmware. The presenter was overall pleased with their design. Expect to see something on 60 Minutes in the coming months.
If they allow over the air updates, even encrypted, there's a big potential risk. Exactly how are the crypto keys generated and protected? An attack on the download signing server, rather than the car, offers an entry point.