Re: The root cause
The "in their right mind" is debatable, but take a look at the Foxglove post, which demonstrates the vulnerability in such niche products as WebLogic, Websphere, JBoss, and Jenkins.
Many, many people deserialize object streams from untrusted sources. It's very common. As the Foxglove analysis shows, often it's wrapped in some proprietary protocol rather than being plain RMI, so an attacker has to spend, oh, several minutes figuring out how to inject the malicious payload.