No system is ever created perfect, and such vulnerabilities and flaws exist. Bitcoin is also not perfect; you can create double spend tx given the right condition, create a 51% attack that would fork the whole chain and create confusion among others. It's just that there aren't sufficient time, resources and efforts for these attacks to be sustained or prolong that can damage the whole network.
This exact and true. Every system goes from experimental to beta to live and even then there will be room for improvement.
Just look at Microsoft. After windows 95 they made so many new version and even Windows 10 can't be called really stable.