This was an intentional move even if no one else wants to admit it.
You can't hide implementation from the User in such an environment; at least not to the degree you can with precompiled programs with debug symbols stripped. One requires you to infer function from raw assembly; the other lets you step through areas of code that vendors want to keep out of the reach of user understanding.
90% of established security practices around code delivery are around keeping your product from being too easily reversed or "owned" by those who use it.
Thus the popularity of -as-a-Service business models. You can't invoice for something a user just uses.
Operating Systems that are actually in use show that the real difficulty of Computer Science isn't deeply complex algorithmic complexity (although OSs have algorithms and data structures in spades).
The real problem is just mundane management / organization / interface / documentation that plain old enterprisey software fails on.
A lot of what is lost was handling a much smaller breadth of hardware, applications, and as you pointed out, a much simpler security exposure profile.