WorldMaker 4 hours ago

RSA was still selling RC4 into the mid-2000s as a product. While open source variants of RC4, often trying to avoid the RSA trademark by calling it things like ARCFOUR, started trading in the 1990s, there was still a sense that RC4 was backed by a security company.

Also, even though flaws were discovered as early as the open source variants had reverse engineered the RC4 algorithm, it was one of those "flaws exist but need things to exploit them that are out of our current threat models" problems, with it being a multi-stage, multi-year effort from the earliest flaw discoveries in the 90s to the most devastating exploits being developed around 2013-2015 taking advantage of those flaws in reproducible ways.

I also remember in the 90s it felt like the reverse engineered, open source efforts were once shining beacons of hope like PGP of releasing "enterprise grade" security algorithms from trade secret-protected corporate and governmental interests to "the common people". RC4 was simple to implement and easy to reason about, but gave "good enough" security for a lot of uses, certainly far better than "no security unless you pay a company like RSA and only if you don't plan to export your software outside of the US". That's why RC4 was the basis of a 90s idea called CipherSaber [1] about the idea of being able to implement your own security suite that you controlled and companies couldn't take from you.

Of course, things have shifted so much since the 90s when security suites were trade-protected and export-controlled. The security through obscurity of the algorithms involved behind trade secret laws is no longer seen as an advantage and the algorithm being public knowledge has started to be a part of security suite threat models. Today's advice is to never write your own security suite because there are several well-regarded open source suites that have many eyes on them (and subsequently vulnerability plans/mitigations). Governments in the internet age have had to greatly relax their import/export controls on cryptography. We live in a very different world from the world RC4 was originally intended to secure.

[1] https://en.wikipedia.org/wiki/CipherSaber