[gary__]

"At some point, I bet someone in a design meeting said "Hey, I think this might compromise security, can we study that before implementing it?" And the decision to implement it without that study, or despite it, was made."

Because we should assume all your past missteps were due to willful negligence? Yeah, let's not just start making shit up to support the group think outrage.

[dgoldstein0]

agree, I really doubt people were like "let's compromise security for performance". More likely it was something like: "hey here's an idea for how we can get more performance" "convince me it's correct" "oh, that's cause X, Y, Z..."

and either no one thought about the security implications, or no one could come up with a security problem at design time - likely just no one thought about side channel problems.