I mean the evidence is pretty obvious, people were using bad roms, a lot of them using all 0s or other reused or badly inputed roms, with zero issues, until last month. Last month, apple finally started enforcing the rom be unique.
Prior to that, it seemed to only matter to have good board ID, hardware uuid, system uuid, and serial. the rom just didn't matter (other than making sure it persisted, so the nvram hash didn't change).
Now the rom matters too.. Simple as that. But as I said, it's not apples fault that users had bad roms, it's users. However, any change to security that increases enforcement on apples end still involves apple. Cause, and a effect. A change was made, it affected users, users adjusted, problem solved.