Not every, but most of them are, either explicitly (by design) or implicitly (by not actually checking if it was made secure). We're talking about secure systems, not any system that could also be secure.
I think parent poster's point is that security is a continuous, not binary, value. Things aren't secure/not secure. They simply have a cost for breaking them. The goal of effective security is to make that cost larger than the reward for breaking it.
For example, you might say my public-private key is secure. I take great care with my private key, etc. But I guarantee that for a few million dollars you could get it, simply by hiring some nefarious people to get it out of me and/or steal my computer. The thing that makes my private key secure is only the system, it's also other peoples' motivations for breaking it (or lack thereof).
I suppose it depends on what we think of when we write system and call it secure.
A system could merely be a design, or a composition, but it could just as well be a product or an implementation in general.
If a system was designed to be secure, the implementation can still be insecure. But if a system was not designed to be secure, or better yet, designed to be insecure, the implementation can never be secure.
To your point, an implementation or product can only have a state at a point in time where we can think of it being secure or insecure, as the next state or the next point in time might differ. But when we're talking about Signal, and their stance on influencing their design or architecture to make it insecure-by-design, I don't think we're talking about bugs or specific cryptography implementations, we're taking about making the design such that the implementation can never be secure.
If we were to take RSA for example, the factoring might be quantum-computable at some point in time, but right now, it is not. RSA was designed to be secure, and secure implementations exist. That said, if we were to wait a few years to a few decades, and again measure RSA as a cryptosystem, we might conclude that while it was designed to be secure, no secure implementations exist anymore.
