"Who could possibly be so stupid as to recommend or use RDP on the open internet knowing the implementation doesn't have granular and well designed privilege separation?"

The bigger question in my mind is why put anything on the open internet unless you have to? RDP is great, but put it behind some sort of VPN solution or tunnel it over ssh. This goes for any service that should be for private use.

The name of the game in security is shrinking the potential attack surface area to as small as possible, and having multiple layers of checks.




We shouldn't expose sshd to the open internet? Should I be wary of services that do?


I'd argue that the audited security of OpenSSH is better than most VPN solutions.


Sure, but there are still configuration problems. I remember having once set the root password to "", thinking it would lock everything out. Turns out that it only locks it for login, but not for email server authentication. Someone managed to send emails as root@mybox, logging in with a blank password.

I realize this isn't OpenSSH, but there will always be stupid users. Exposing as little as you can is a good idea.
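The first comment suggests tunnelling RDP over ssh rather than exposing it, and the later replies debate whether sshd itself should be exposed. The following is an added example, not something posted in the thread: a shell script that emits a least-privilege `sshd_config` Match block for a tunnel-only account (the account can open exactly one local forward to the RDP host and gets no shell, TTY, agent or X11 forwarding, and no password login) and builds the matching client command, which binds the forwarded port on loopback only. The bastion name `bastion.example.internal`, the RDP host `10.0.0.5`, the user `rdp-tunnel` and the `/usr/sbin/nologin` path are assumed placeholders; the `Match`, `AllowTcpForwarding`, `PermitOpen`, `PermitTTY`, `ForceCommand` and related keywords are standard OpenSSH `sshd_config` options.

```shell
#!/bin/sh
# Added example for this thread: reach an RDP host only through a restricted SSH tunnel.
# Placeholders (assumed, not from the thread): bastion "bastion.example.internal",
# tunnel-only account "rdp-tunnel", Windows host 10.0.0.5 reachable from the bastion.

# Server side: sshd_config Match block for the tunnel-only account. It allows a single
# local forward to the RDP endpoint and nothing else. With "ssh -N" the client never
# asks for a command, and ForceCommand (path assumed) covers the case where it does.
sshd_match_block() {
  rdp_host="$1"
  cat <<EOF
Match User rdp-tunnel
    PasswordAuthentication no
    AllowTcpForwarding local
    PermitOpen ${rdp_host}:3389
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin
EOF
}

# Client side: build the ssh command for the tunnel. The local end is bound to
# loopback only; any other bind address is refused so the forwarded RDP port never
# becomes reachable from the client's own network.
rdp_tunnel_cmd() {
  bind_addr="$1"; rdp_host="$2"; bastion="$3"
  case "$bind_addr" in
    127.0.0.1|localhost) ;;
    *) echo "refusing to bind tunnel on $bind_addr" >&2; return 1 ;;
  esac
  printf 'ssh -N -L %s:3389:%s:3389 rdp-tunnel@%s\n' "$bind_addr" "$rdp_host" "$bastion"
}

# Usage: install the Match block on the bastion, run the printed ssh command on the
# client, then point the RDP client at 127.0.0.1:3389.
sshd_match_block 10.0.0.5
rdp_tunnel_cmd 127.0.0.1 10.0.0.5 bastion.example.internal
```

The Match block is what turns "tunnel it over ssh" into a real reduction of attack surface: the bastion account cannot be used for anything except that one forward, so a leaked key for it buys nothing beyond what the RDP host already exposes to the bastion.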
