Hardware security is still overlooked a lot in the tech industry, hence there are a ton of hardware and mechanical stuff out there that are made “smarter” but still barely have any security controls. That’s why there’s the saying “The S in IoT stands for security”. Bluetooth in itself is not secure, and they probably have a very basic control where the pump is unlocked remotely via a bluetooth device.
I very distinctly remember early bluetooth amongst other interfaces explicitly discussed in college as an example of "enabling things to understand eachother, including things that shouldn't." It's up to the developer to protect their data.
There is a problem here that isn't just a hardware/software issue, it's a "I'm not gonna worry about it" problem that leads to security issues.