I think many vendors think security is synonymous with "hard to clone". This us why they require signed images and so on.