Why are there vulnerable extensions?

From Joomla! Documentation

Anyone may write and distribute a Joomla! extension. As a service to the global community, this freedom is actively encouraged and supported by the Joomla! Core team. Due to the openness and popularity of the Joomla! project, there are a wide variety of extensions offering a vast array of features. The quality and breadth of Joomla! extensions is one of the main advantages of Joomla.
However this freedom comes with a price. It requires individual responsibility, and can survive only where a majority of participants act responsibly. Joomla's success has led to unwanted attention from malicious types, such as script kiddies who run simple, automated scripts in an effort to find and deface others' Web sites.
It is important to note that, script kiddies unintentionally perform a valuable service. They help us identify vulnerable extensions and poorly configured servers that might otherwise remain open to more serious threats.