Don't think poster meant the APIs were designed to maliciously allow exploits. He meant they were intentionally developed to allow rotten code to work (because, sadly, rotten code is everywhere), and a by-product of that lax attitude unintentionally allows exploits.
