The problem is, 'people' want incompatible things.
They want things to 'just work' when they plug them in. But they also want them to be 'secure out of the box' and 'flexible and configurable'. And they don't want to have to learn 'technical mumbo jumbo' to reconcile these things.
So OS vendors are between a rock and a hard place. If it 'just works' when they plug it in, then it probably means that users can easily access shared folders without having to worry about nasty things like firewall rules, local subnets, ACLs, etc. etc. The only way to achieve this 'usability' is to set security down to non-existent by default. Then others will raise hell about that.
If the users are not capable of making informed choices, then the software needs to second-guess the situation and make guesses on their behalf. That's where a lot of issues arise.
I guess that's what clueful friends and relations are for. < having spent 4 hours on the phone to MIL last week. The conversation began with: "We've just bought a new PC, but..." >