Not even a large enterprise, just anywhere there's any sort of formal process. Very, very few companies outside a startup with a single product+handful of employees are able to just make code changes like that all willy nilly. Especially to something as sensitive as authentication.
It's like saying "why didn't the NASA engineers just fix the o-rings on the Space Shuttle Challenger? After all, they knew there was problems with them and people's lives were ask risk." They did what they could, which was this: http://www.lettersofnote.com/2009/10/result-would-be-catastr...
Well, you can have a formal process that allows contributions from anyone, which is what I was trying to allude to with "watch it work its way into prod". But I agree, generally speaking if you have a formal process, and you're not on the team, and/or can't convince a product owner of the need, there is no way to get it done.
It's like saying "why didn't the NASA engineers just fix the o-rings on the Space Shuttle Challenger? After all, they knew there was problems with them and people's lives were ask risk." They did what they could, which was this: http://www.lettersofnote.com/2009/10/result-would-be-catastr...