Holy moly, how was that ever a good idea. Just like routers being able to be configured via the manufacturer's website, config by someone other than you seems like a big red flag
well log4j will be old enough to drink in a few weeks (January 8, 2001). It's way older than bcfg2 or ansible, chef, puppet, etc. I'm not sure when the functionality was added. I'd bet it was the bees knees at the time.
Wild. I guess the NSA black bag job at Google was 2013, which led to SSL everywhere. I guess most folks still had the hard and crunchy on the outside, soft and chewy model on the inside mindset. Time flies.