It was not bad, but without memory/cpu isolates, it was pretty useless. The JSR for isolation got abandoned when Sun went belly up.

It was more like no one used them correctly.

Wouldn't that mean they were poorly implemented. If no one uses something correctly, seems like that isn't a problem with the people but the thing.

I don't think so. Software is maybe the only "engineering" discipline where it is considered okay to use mainstream tools incorrectly and then blame the tools.

Do the “mainstream” tools change every five years in other disciplines?

To be fair they only change when chasing trends, consumers don't care how software is written, provided it does the job.

Which goes both ways, it can be a Gtk+ application written in C, or Electron junk, as long as it works, they will use it.

Partially yes, hence why they got removed, the official messaging being OS security primitives are a better way.