Google appears to have treated this as an API issue. I.e., "the API up to 4.1 was insecure. We now will require method annotations going forward for the JS to execute them." I could care less if backporting this change to earlier versions broke a bunch of apps. It's an easy enough change for those apps to go and insert the explicit annotations. I think Google has made a conscious choice here to not cause apps to break in the name of security, so that their platform can appear to be "more stable".