
That's rather cynical, but to clarify, my comment is rooted in the understanding (illustrated by OP in some excellent examples) that all of our digital infrastructure, from browsers down to silicon, is born from tight engineering schedules, "ship it" mentality, a focus on "ROI", and not necessarily security. Even if there were more focus on security, OP's article is fantastic at showing a sliver of this complexity, and the daunting task it is to understand the inter-relationship and consequences of many individual design choices, across a litany of components and libraries, over many decades and teams.

As a first step, I'd like to see some tough laws that hold companies liable for data leaks. Once it becomes a major liability to be the source of a data leak, most companies won't bother collecting PII, and will make it a point to ensure it's not stored on their systems. Nonetheless, systems will always have vulnerabilities and be exploited. This is at least worrisome for many, if not terrifying, and that should not be automatically interpreted as "security-paranoia FUD".



