Yes, I'm being somewhat hyperbolic. Bring on the downvotes! ;-)
This is not a bad thing, for the simple reason that every long-lived complex system involving many humans must behave this way.
Any attempt to top-down design the perfect, universal, distributed application runtime hits fundamental social problems not unlike those in a centrally planned economy: too much information to integrate, too many stubbornly uncooperative humans with their own divergent goals and opinions.
Systems at this scale are much more like biology than like circuit design.
The idea that systems are fixed entities that have to be designed correctly up-front is wrong and is one of the reasons why the Waterfall model of software development has been superseded by Agile.
Good systems have to be designed to handle change. Change is the only constant thing in this world.
Security takes a back seat to reproductive fitness of the web as a platform. JS made the web insecure, but it also made it the world's premier application platform.
I blogged about this: http://kylebebak.github.io/post/browser-security-worse-is-be...
All sufficiently complex ecosystems are a giant, flawed mess.