As someone not working in security -- nobody working in security actually believed in that kind of stuff, right? Even my dumb self knows that the network is fundamentally full of evil nodes.
It's not so much that servers would be left wide open to be hit by anything that plugged into the LAN (although, sure... some of that, too), but more that there was no need seen for things like endpoint firewalls on user desktop machines plugged in to the LAN, because they were 'behind the firewall'.
And honestly even today we still see that thinking in datacenter ops and even virtual cloud ops. I've seen people say 'I don't need to worry about those mongo credential compromises because I'm running mongo on a secure VPC'.
A surprisingly large share of people "working in security" are actually just checking boxes, and are very risk averse so resist all change, especially taking out any boxes.
