
Another way to look at this is that the exploit was solely an emergent property of two different systems having different views on what constituted secret information. The issue was not necessarily that either one did something wrong, but rather that when you put them together, one could play off both their weaknesses to create a bigger one.



And this is not something new. Back in the days of ICQ and Hotmail, it was trivial to "hack" someone's email account by filling in the required information to "recover your password" by using information users stored in ICQ (which usually included their email).

I remember searching for people with an @hotmail.com account in ICQ just to see if I could enter to see their emails. This was like, 15 years ago IIRC.



