Case in point: JIT javascript. Go on, look for a modern browser that doesn't use just in time compilation to make the bunny dance just a little faster. And yet, look up just how many browser and even OS and processor exploits and fixes exist because we didn't keep Javascript (ecmascript) in a tight little wimpy and well controlled VM.
So, bad decision making yes. But apparently the whole industry does it.
Another case in point. HTML and other "active" email. If email were plain ASCII, or possibly even if it were UNICODE there would be little chance of exploits. However, for some reason people just couldn't live without bold and underline so instead we have a world where you can't feel safe opening a simple email. Okay, attachments are binary and could be anything, but that's why you teach users to be CAREFUL opening ATTACHMENTS which today is meaningless. No one can ever follow their own rules so just touch a computer and you're screwed.