[nullc]

Most of those vulnerabilities were added later, the original bitcoin software had an extraordinarily low defect rate. While some of the bugs in the original were very severe indeed (particularly in Bitcoin script), there were very few in total.

The original code was essentially perfectly portable and extremely clean. It's true that it was was highly integrated, and lacked significant modularity-- but this also made it small and simple. Its use of modern techniques and conscious style made it completely free of broad classes of bugs.

The more modern code is highly abstracted and modular, but much more difficult to read, understand, and review. But its level of functionality wouldn't be realistic or maintainable (particularly by such a large number of participants) otherwise. That level of functionality didn't exist in the original code.

The ugly comment is the sort of remark made by junior developers who can't distinguish style different from what they learned from poor quality. Poor quality code also differs from their preferred style, but not everything that does is poor quality. By any objective metric, -- save modularity/abstraction-- the original code base was extremely high quality including the metrics that matter most: the defect rate. The level of abstraction wasn't optimum for the work that came latter, but it wasn't later and prematurely abstracting would have made the code far less clear (and probably less reliable).