"We will selectively allow users to pick and choose when that becomes available but today we're not forcing any types of updates," he said, adding that updates can introduce vulnerabilities.
"Updates actually cause a cascading effect and now you're patching patches and that is not a good place to be in," he told Click.
The default names and passwords found by Mr Helme were used to make it easy for customers to set up their device and they were encouraged to change it afterwards, he said.
Mr Helme said the set-up process for the Nomx was far from easy and at no point was he told to pick a new password.
Late on 27 April, Nomx published a strong defence of its product and disputed the way in which Mr Helme tested the device. Mr Donaldson said Mr Helme's tests were unrealistic, as they involved actions no typical user would undertake.
Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users".
Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi.
Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled.
"The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers.
"To date, no Nomx accounts have been compromised."
The BBC Click show dedicated to this investigation will air on 29 April on the BBC News Channel and iPlayer, where it will also be available afterwards.