My guess is this was brought up but getting the product out there was more important to the business so it got ignored.

Now that it's a problem for them, they get to hide behind an "oops sorry, let's fix the really obvious thing now", almost like taking "if it ain't broke, don't fix it" to malicious levels.

This jives with CRUD software in general, where people are not usually rewarded for preventing future issues and instead rewarded for waiting until it's a visible problem and then fixing it.