I think the shifting "product focus" is probably the main factor here, simply because such a service being used for malware hosting was completely predictable from day 1. When they started they probably thought that it was worth it, then later on they changed their mind. That or they were incredibly naive.
In the context of a large corporation, incredibly naive is just an euphemism for bad management. They launched it. An internal security audit found that it was being used for phishing. They planned to fix it but layoffs came along and they had to sunset Send.
Quick summary: it was being used for malware and phishing, aggravated by the trustworthy-seeming firefox.com URL.