Bad default, but be careful if you stop anybody's pig from dancing

There is a balance here, because of Dancing Pigs a large proportion of people whose device ceases to work because of security will label that as "Your thing is broken" not "Hooray for protecting me". It makes no sense for Linux to deliberately put up a fence where the equivalent Windows systems just shrug "Eh, who needs security when you can have compatibility?". However it looks as though Microsoft is moving in the same direction, there's no need for us to be _worse_ than them about security holes they're responsible for.

There's a "First Mover" penalty which is why the Web Browser Vendors sometimes behave like a cabal - if they all make your pig stop dancing at roughly the same time, you might shake your fists and blame the cabal, but at least you won't switch to the least secure option just because it keeps your pig dancing. This avoids the Powers That Be looking at the situation and deciding by fiat that there won't be any more security fixes, all pigs must be permitted to continue dancing even if it hairlips the governor.

There's also "Last change gets the blame" at work. In many cases the reason an organisation (or home) needs SMB1 is some obsolete third party device they've become dependent on. But they bought that years ago, and humans have learned to blame the new thing, for completely rational reasons, so even though the _right_ fix might be to replace that 10 year old printer or WiFi router, the actual fix may be to return the shiny new secure Linux appliance and get the insecure alternative instead.