I think many try to some extent, but we don’t exactly leave a lot of room to manoeuvre. Classrooms don’t seem to work without substantial conformity, bills have to be paid, employers catered to, and even just plain social pressure to not stray too far off the beaten path.
They claim that Rust and WASM is the answer. Their blog entry on the difficulty of passing Mozilla’s review for the Firefox extension suggests that they are taking things seriously, at least as far as reproduceable builds.
It wouldn’t hurt my feelings if they had someone actually on security detail. Maybe they do and just haven’t said so. Given all the problems with Flash, I would like to see them do more bragging and discussion on how they are dealing with security issues.