[gwern]

Yes, after 18 years of WordPress development, the architects' excuse of blaming bad actors in plugin ecosystem has begun to wear thin, especially when contemporaries or predecessors like Firefox or Debian never had remotely the same level of problems with their users being hacked constantly by plugins/packages.

[JimDabell]

“No Way To Prevent This,” Says Only CMS Where This Regularly Happens

[lmm]

Firefox has had the converse problem of constantly breaking all their plugins by changing their APIs etc..

[kmeisthax]

They were able to fix this by moving to the WebExtension model instead of letting extensions directly interface with XUL/XPCOM[0]. Of course, then everyone got angry that they couldn't do ridiculously invasive changes to the browser with an extension anymore.

[0] which were then massively refactored, twice.