I strongly suspect that in November 2008 there was no script. It always felt like a last minute addition to me. It's not mentioned in the white paper at all and everything we know about it was reverse engineered out of the source. And as noted the design is a bit screwy - CHECKSIG feels like something that was refactored out of a pre-existing code base rather than something you'd actually sit down and design on paper.
I think there was, because the fields are already named scriptPubKey and scriptSig. It was probably preceded by an implementation that had no scripts, just public keys and signatures. I wonder if there was an intermediate phase that allowed multiple keys per output, but not yet full scripts. Maybe the concatenation business made sense in such a context.
Also note that SignSignature and VerifySignature aren't in the files here, although that would be the obvious place to put them. I suspect they used to be there in an even earlier version and were moved to script after that was split off. And script may have been too immature for Satoshi to share just yet. Then again, it's interesting to see that it does already include nLockTime and transaction replacement.
I've also wondered if maybe there was an earlier implementation that used balances, not outputs, as that is what I would have started with. The most obvious starting point might be single input, single output, single signature transactions between accounts. But there is no evidence of this, and maybe previous ideas discussed in the literature already chained individual coins.