Seems to me the biggest exploit vector was in virtual machine theft. Grab DB keys from all the VM's on a shared webserver, for example. Or a Cloud Instance even.
Because yes, they really were that shortsighted and greedy.
What do you guys think mitigated this, if anything?
For example if you disable all the virtualization options in a BIOS, that fairly straightforwardly eliminates the most useful vectors for those exploits.
If they can already execute code, you must consider the host system exploited anyway. So what Spectre and Meltdown did was allow common ground to be exploited.
Perhaps it never should have been trusted anyway. Virtual Machines are elegant, and I understand the appeal. But you can't trust anything these days, and why would you?