Well, judging from the blog post you linked to, they haven't really done much that's any real kind of hacking, they seem to get excited about getting console access to the Vera Lite, something anyone can do on the Almond+ via the serial header.
What Vera clearly has done wrong is to store the private SSH key on their devices and this is a major security concern. This is not something we're doing, we only store the public key.
Keep in mind that the most common reason hackers get access to a router is because the user didn't change the default password. None of our products have a default password, as they all have a unique auto generated password. That said, the Almond+ did ship with the password set to root initially, but as of firmware R065, the root password is auto generated. We also have auto generated Wi-Fi SSID's and passwords. As such there are no default passwords on the Almond+ (or the Almond for that matter) which is a big advantage we have compared to just about all of our competitors.