You are certainly right in that it is up to people to use a tool correctly and safely.
However, in the world of physical tools we regulate tools that are dangerously easy to use badly. If an electric drill, for example, has wiring that is easy to pull loose, it will not pass safety tests. If you are careful, you can use it perfectly safely, but we know from experience that if you increase the chance of an accident, you will increase the number of accidents. So we regulate against that kind of ‘defect’.
I don’t see why we should not apply the same logic to software. I have stated in many replies to comments that it is perfectly possible to avoid SQL injection, but the most straightforward way of using relational databases is the most susceptible to that kind of attack.
