Instead of having a default password there should be a step in the setup where you are prompted for an admin password. Yes, there will be a lot of easily guessable passwords, but surely it's better than a factory default.
In my experience, it's a losing battle no matter how you approach it. Make people specify a password, but then often times one person stages it and another installs it, so do you make an easy password for staging it? Do you add the overhead of making a device that enforces strong passwords? And so on...
The closest thing to a best solution I've seen is a 2-factor system, a passcode along with some kind of hardware dongle to default or get admin access.
If ATMs aren't going to get this right, what hope is there for all the other random security locks?
Keyless entry systems have been a target for decades; read old Phrack issues for stories, and even listings of the (very small) complete sets of combinations. Obviously, conventional tumbler locks have been a target for as long as there's been an MIT.
If it were commonly known that this default code existed it's less likely that those who are responsible for setting up these keypads would leave the default set.
Those wishing to exploit it are the ones who actively seek out this sort of information.