On the other hand, keeping data safe from (known and unknown) attacks is also in the interest of such institutions. So I guess it goes both ways. (See: NSA "suggesting" IBM's DES use modified S-boxes, for (at the time) undisclosed reasons)