e.g. You can’t just provide software to people that obtains TLS certs on their behalf: you have no idea how their infra is set up.
Hosting any app on your own infra is a serious skill set.
No, they’re not.
They’re design choices where the default that has been chosen is dangerous for somebody deploying the software. Plenty of web apps do not have those pitfalls.