I gotta tell you first, that I'm no expert here and the following is just a feeling, not a fact....but I got a feeling, even tough this time it might be really just a mistake and humans make mistakes...that in the future, where open source will be even more dominant than today, the "accidentally"-disabling-mitigations-by-default-stuff will become more frequent, so that maybe state actors have at least some time till the next patch, to do their "work".
How many good security experts does the Linux community really have? And how many of them have the time to review stuff. Exactly, probably not so many. So sure, it's good that in theory we all can inspect the code, but in reality...well, we more or less are just naive believers regarding our privacy and security on Linux, and the intelligence agencies will exploit this heavily.​

Yet again, bad variable naming has led to serious troubles.