They solve a need that isn't reasonably
solved any other way that doesn't have similar drawbacks.
Some optimizers need to be redesigned to be safer by
default.
Some networks need to be safer by default as well.
Almost every product ever made does solve a need. You will find at
least one customer who is happy with what they paid their money for.
But BGP-4 is vulnerable enough as it is, and the Internet has moved
on in leaps and bounds since 1994 (RFC 1654).
Until we see BGP-5, we need to look after our community. And if that
means holding the BGP optimizers to a higher standard, so be it.
As they say, "You can't blame a monkey for botching a brain
surgery".
Plenty of industries strongly "guide" (I'll avoid "regulate") their
actors to ensure standards and results (medicine, aviation, energy,
construction, etc.). If the acceptance bar to a BGP actor is an
optional CCNA or JNCIA certification, we shall learn the hard way,
as we did with this and similar incidents.