Isn't that a bit like saying object-linking and embedding or visual basic macros weren't to blame in the terrible state of security in Microsoft desktop software in prior decades?

They were solving a similar integration problem. But, in exactly the same way, almost all naive and obvious use of them would lead to similar security nightmares. Users are always taking "data" from low trust zones and pushing them into tools not prepared to handle malignant inputs. It is nearly human nature that it will be misused.

I think this whole pattern of undisciplined system building needs some "attractive nuisance" treatment at a legal and fiscal liability level... the bad karma needs to flow further back from the foolish users to the foolish tool makers and distributors!