I’m not confused by your explanation in the least.
DDoS has nothing to do with third-party access. It has to do with consistent default passwords. Making your system proprietary or disallowing people to use your cameras with the solution that fits their needs, doesn’t stop DDoS in any way.
RTSP vulnerabilities are of no harm or risk to users.
Furthermore, if this was a true concern, you could allow a setting for users to change this configuration.
The truth is that since Zmodo started the 3rd-generation sPOE systems, you’ve begun a new approach of making hardware that cannot be mixed-and-matched or work in any way other than your proprietary setup; in the same way you design software that is proprietary and won’t play nicely with others.
It’s one thing to do that. It’s another to blame it on security issues and pretend you’re doing it to help the consumer, when the opposite is true.
Furthermore, if you are going to lock-down your system to only your own proprietary software, it’s extremely important you write software that runs reliably. Zmodo software continues to have severe bugs, which is why I’m so desperate to use it with third-party software, which has always worked great for me.