That's a hard problem to solve, and I don't think there are any easy answers. It depends on many factors. What kind of business, what the risk/threat model is, cost/benefit analysis, all that kind of stuff.
You absolutely can. The issue isn't _using_ the optional chaining operator, the issue is that it wasn't compiled down to something that older platforms can understand. Developer quality of life doesn't have to conflict with what's supported on older platforms.
I think it's spread out here in this instance. The realities of the web are that a non-trivial amount of people are going to be using older, outdated devices. That's just a hard fact.
The web dev's responsibility here (or possibly his manager's) is on deciding what level of support they're going to give for those outdated devices.
Do Apple/Google/etc also bear some responsibility here? Absolutely. They can (and should imo) support older devices, much more than they do. But they're gonna chase profit, and at some point the costs of that support outweigh the benefit. That's just another hard fact of life on the web, one that developers should take into account when deciding what kind of support they want to give to outdated browsers with their code.
Luckily, for most things down-compiling to something like ES5 isn't incredibly difficult and can be automated.
Yes, you're right. But I don't really expect them to make the "smart" or "usual" play. That would honestly surprise me. Now, pinning it on somebody that was generally disliked because they constantly blocked things that had obvious gaping security holes? Basically sicking law-enforcement on somebody out of pure spite? I can absolutely believe that.
> My guess is their local workstation was compromised
Honestly I don't think it was even that complicated, considering when I needed to spend money on some SaaS product the "chief accountant" (because there was no CFO) straight up sent me a photo of the corporate credit card and said "delete that when you're done".