I believe that Ignition has everything that you need to implement a secure setup. That said, designing a secure system involves all the other pieces of your network. There really is no magical silver bullet.
I can’t speak to every product out there, but we can discuss trends. The SCADA market was incredibly weak with respect to security in the late 90s and early 2000s. I would say that integrators and end users alike valued availability (is the system up) and placed little importance on security. For example, how many times have you heard of people never doing operating system updates on SCADA systems for fear of breaking them? While substantiated in the Microsoft-dominated industry, it promotes poor security practice. Better yet, how many plants have you seen where all the operators share a single username and password? Very little pressure was put on vendors to encourage secure practices. Users would typically buy software from the company that sold them hardware without a second thought.
The gaping vulnerabilities that come to mind are the result of old technologies and poor practices. For example, DCOM (which is the basis of OPC-DA) presents security issues. The Siemens issue of hard-coding the database password also comes to mind. There are actions that you can take to mitigate these issues: use an OPC tunneller, isolate networks, patch and update your software, etc.
Ignition was created by individuals with IT backgrounds. By design, it leverages proven technologies. Traffic may be encrypted with SSL, database connections are standard (ODBC, JDBC, etc.), minimal ports are used, minimal “home-written” components or concepts are applied when standards exist, etc.
Implementing SCADA security in Ignition is about the same as securing any other IP network. Use a “defense in depth” model of layered security. Implement firewalls, turn off services that you don’t need, patch your devices, etc. Consider an isolated network if possible.