I think it's more probable that they had the right intentions in the beginning, but then realized how much money these vulnerabilities might cost to fix because they had no easy way to resolve them without recalls. So rather than fix the issues and lose millions of dollars, they just tried to hide them.
Being able to say "we have a $30,000 bug bounty program and nobody has claimed it" would be extremely attractive.