Cost minimizing aligns well with the criminal-negligence theory. In fact every egregious security issue I've come across, like plain text passwords, public S3 buckets, publicly-accessible internal tools... it all directly correlates to being cheap in my experience.