Right. So why exactly would you advocate that if the remote access vector has been patched that's the end of it? The main issue is the fact that the insecure center console can push requests through the secure gateway and have them performed. For some stuff that's fine, but parking brakes (for example) are not one of them. That is the underlying issue that needs to be fixed, and the real vulnerability. If not, we're just going to see the same thing all over again the next time there's a remote exploit.
In other words: how they got access matters. What they were able to do with that access is far more worrisome. An internet-connected, remotely-exploitable computer in the vehicle should not have access to the brakes. Period.
Edit: And to be fair, we don't know what they fixed. Maybe they fixed both, we don't know.