most reason OSes are insecure is bexause they are designed badly regarding security. they are from a time it wasnt important and most ways of building them also from that same era. its hardly modernized -_-. sure its not the same OS as 20 years back,... it has a lot of layers of junk ontop.

again, no incentive to improve it. its either unpaid work or the OS vendor has a stake in it being insecure. (both exists)