Completely agree with the other commenters here - the "expert" doesn't know what they're talking about. Lots of alarm people are ex-locksmiths rather than IT security experts - is this the case here by any chance?
Criminal networks are highly effective at sharing information and systematising the breaking of security. I may not have the personal skill to design an operating system or i7 chip, but it doesn't stop me using them highly effectively. It only takes one person to do it and sell the tools.
Combine this with a company that's a/ evidently clueless about network security b/ appears to have a natural reaction of denying rather than responding to security issues and it's an accident waiting to happen.
What's the odds criminals are trying to hack their customer list (and those of their resellers) right now? Combine it with rented access to a router botnet and cross reference with IP address geolocation and you've probably got a nice address list to go after. The alarm system remote monitoring will probably even tell you when there's no-one in the house...