It could happen. Teenage sociopaths exist. But they're very, very rare. You're falling victim to the Columbine fallacy here. TV news makes a poor reference for risk management.

But yes: if this exploit is easy, eventually some diabetic is going to be murdered through it. Far more diabetics will kill themselves via poor diet choices, however.

And even the Columbine sociopaths were targeting people they knew, rather than random strangers. Random murderers targeting random strangers are even rarer.

But I would hope that even Teenage Sociopath is smart enough to figure out that this is equivalent to just shooting up the clinic with a gun.

Or, even if you think he's less likely to get caught, the world is full of undetectable opportunities to kill random people. Poison the fruit at the supermarket. Sabotage the train line. It doesn't happen very often.

Two points: Why argue about this at all? Securing known-in-advance endpoints isn't impossible. Why not just do it, and stop arguing?

Second: The relevant risk metric isn't "For a given person, is someone going to try to kill them today?" The relevant metric is "For all such remote-controlled implanted devices (including not just "insulin pumps" but any potentially dangerous device) placed in all human beings across the entire lifetime of both the implanted devices and the human beings, what are the odds someone will be attacked via this vulnerability and physically harmed?" to which the answer is trivial: 100%, rounded to the nearest thousandth of a percent.

Don't argue about it, fix it.

(Oh, and narrowing it down to "technically-skilled teenage sociopaths" is cognitively hazardous, even in casual debate. That's not even close to the full threat model and encourages subconscious dismissal of very real threats not sourced from that narrow group.)