So I've now gone through and read the whole Twitter exchange, and got this impression:
- The guy clearly worked on Tesla's security code, and most of the everyday problems he listed ring true.
- He points out that he hasn't worked on Tesla software for 3+ years and that he hasn't worked on the Model 3, and he has a few good things to say about Model 3 software.
- His "fvck you Bosch" shows the difficult environment Tesla firmware developers have to work in: lots of external components come with decades of interface baggage, and Bosch as the R&D center of German automotive probably isn't ... exactly forthcoming to troubleshoot Tesla problems. It's comparatively easy for Amazon or Google to write clean code; they get to work in a mostly standard environment with built-to-order servers ... Tesla had to make do with what automotive had been using for decades.
- He sure has a big axe to grind! He (ab-)uses any credibility he gains by correctly characterizing Tesla's software environment to launch ad hominem attacks against Tesla managers and Elon. The 'see panel gaps with a telescope' comment was a dead giveaway of bias. He hasn't worked at Tesla for 3+ years, so why did he expect Elon to have been involved at the factory? Elon only took over last year, when the Model 3 ramp-up mess surfaced. When this guy was employed, Elon was spending 80%+ of his time on SpaceX.

So I didn't see anything particularly worrisome in these tweets, but I do hope Tesla internal IT reads those and double-checks the deployment security assumptions of their deployment data-center. (They might have done that in the last 3 years, after a couple of high-profile security incidents.)
I base my good opinion of Tesla Model 3 security partly on the examination of the Bluetooth unlock app that was performed recently by someone (no link, sorry) - and he found robust cryptography.