First, let me apologize for directing this rant at you. It isn't personal. You're just the person who espoused a laudable goal of "security before features" in the form of a question using #infosec and similar type tags I was watching when I was feeling salty.
If you're actually interested in an answer to your why question:
Money.
If you're interested in a longer answer:
The incentive structure for features is obvious. The incentive structure for security doesn't exist in any meaningful way. Note that incentive structures include disincentives like regulations and penalties. Also note that I am aware of PCI, HIPAA and CMMC, and they are a good start in a few ways, but fundamentally they are adorable when it comes to protecting real people who deal with ransomware and stalking and ubiquitous surveillance and all sorts of other BS that come from not being able to control their own systems.
Next:
You ask: "Why aren't we doing ourselves a favor...". At least one problem is that there are at least two entities described by "we" that are starkly different. One of them is the author. Another is the user. Arguably the user has all of the power here (until we have (more?) mandatory software) to enforce security (don't use the software if you can't tell whether it is secure), but there are strong economic and other (e.g. social) disadvantages for behaving that way.
Mis-configurations and vulnerabilities in cloud infrastructure is _a_ problem, sure, but it isn't even different from literally every other platform, so ....
If you are asking how to change that? Speak up. Find meaningful answers. Tell people those answers. Keep speaking up. Use those answers to do better.
Some suggestions to get started:
#capability (Capability based computer architecture), #sel4 (A modern provably secure OS).
To be clear, the above is barely a beginning (no notable software base, no well-known set of tools, certainly nothing near a UI...). The industry needs to change, which takes money (or the withholding of money, same thing), which takes people knowing about the problems, and then actually caring. So complaining is good. Let's do that. A lot.
