One of the problems of no-one being liable for security, is that no-one has the incentive to thoroughly separate software you really need to trust, and that you care whether it's vulnerable to hacking, from that which you don't. "everything needs a revenue for security reasons" would make sense if companies were giving an effective security guarantee and investing in fulfilling it, which they aren't. If software liability existed, most providers would recuse themselves from the most security sensitive features and we'd have a few big providers doing stuff like syncing, handling long term data storage, sandboxing, etc. rather like now with credit card data. At which point a lot of software becomes unimportant to update.