Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.
Apple gave fair warning to vendors that they wanted sandboxed applications to be the standard for the platform. Sandboxed applications do not run out of system directories, they are basically "jailed" in their own sandboxes. Microsoft, like most software vendors, ignored Apple. So now the vendors are reaping the rewards of what they sowed.
The bigger problem with El Capitan lies with virtualization and VPN software. These need to make changes to the system routing and interface tables to properly route packets between virtual machines and the Internet, or between the local host and the other end of a VPN tunnel. El Capitan breaks our VPN at work and I have advised our employees to not upgrade to El Capitan due to this fact until Apple and VPN vendors come up with a solution to this problem. I certainly am not going to advise employees on how to disable Apple's security system (SIP), that would be lunacy on my part akin to telling employees how to disable virus protection on their Windows laptops given the increasing threat level for Macs recently.
In the end, we need more secure systems, and Apple is providing one. The fact that it breaks existing applications and inconveniences users is unsurprising. It would have been surprising if that *hadn't* happened -- which is one reason why consumer operating systems are so insecure (because making them secure breaks so much stuff).
You have mail.