Burglary protection
Viktor Yurchenko, 2017-08-07 19:42:17

Why complicate the work of your fellow programmers by inventing security tools if they will be hacked sooner or later anyway?

This is more of an observation than a question. I like how some programmers come up with all sorts of tricks against other programmers, and the latter in turn do the same, only against the things that the first programmers came up with)
For example send POST requests from another site or script, but it's enough just to add a function to the script to go to the site, parse the key and send it in the request with one more parameter, and you can send any requests anywhere.
You can, of course, track whether you are a robot, but if you set the desired parameters, then this is easily bypassed, which I did in general.
And here it’s not clear why that guy wrote extra code and wasted his time on something that took me another 10 minutes of time. It's stupid to waste your time and other people's time.


5 answer(s)
Dimonchik, 2017-08-07
@dimonchik2013

the cost of hacking is higher than the profit, especially if you get caught

sim3x, 2017-08-07
@sim3x

Because CSRF protection is not against parsing

Nikolay Baranenko, 2017-08-07
@drno-reg

Creating the illusion of security, not only in terms of development and programming, is one of the most expensive "services" in the world, in my opinion. In terms of programming, it is a competition between those who build and those who try to crack. In this case, your "kung fu" turned out to be stronger, and devops did not count on such a level, or they simply did not have enough time to build the "wall" higher.

Matvey Pravosudov, 2017-08-07
@oxyberg

> Why complicate the work of your fellow programmers by inventing security tools if they will be hacked sooner or later anyway?

Because some programmers do not share the desire of other "programmers" to hack their programs.

> On the site where I parsed the goods, a key is randomly generated on the authorization form so that it is impossible to send POST requests from another site or script, but it is enough just to add a function to the script to go to the site, parse the key and send it in the request with one more parameter, and you can send any requests anywhere

Not "any requests anywhere", but send now a POST authorization request, and even then only if the site does not check the source of the request.

> You can, of course, make tracking to see if you are a robot, but if you set the necessary parameters, then this is easily bypassed, which I did in general.

What settings? Well, let's say a simple captcha can be decrypted with a neural net, but with reCAPTCHA it's already more difficult, because it tracks the movement of the mouse.

> And here it’s not clear why that guy wrote extra code and wasted his time on something that took me another 10 minutes of time. It's stupid to waste your time and other people's time.

But was it definitely a "hack", and not that you just managed to send the form from a third-party site?
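
The distinction drawn in sim3x's and Matvey Pravosudov's answers, as an added example that is not part of the thread: a form key bound to the visitor's session lets any client that loads the form submit it as itself, while rejecting a POST that another site triggers in someone else's browser. The HMAC-over-session-id scheme and the names `SERVER_KEY`, `issue_token`, `accept_post` and `demo` are assumptions for illustration, not the mechanism of the site being discussed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed per-process secret; a real deployment would load it from config.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Key rendered into the form; valid only together with this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_post(session_id: Optional[str], form_token: Optional[str]) -> bool:
    """Server-side check: the form key must match the session cookie it came with."""
    if not session_id or not form_token:
        return False
    return hmac.compare_digest(issue_token(session_id), form_token)


def demo() -> dict:
    # Constructed sample sessions (random ids standing in for session cookies).
    user = secrets.token_hex(16)    # logged-in user's browser session
    script = secrets.token_hex(16)  # session a script receives when it loads the form
    return {
        # A script that loads the form and posts the key back is just another
        # client acting in its own session. The key was never meant to stop this.
        "script_in_own_session": accept_post(script, issue_token(script)),
        # A form on a third-party page submitted by the user's browser: the cookie
        # is attached automatically, but that page cannot read the user's key.
        "cross_site_without_key": accept_post(user, None),
        # A key parsed in the script's session does not match the user's session.
        "cross_site_with_foreign_key": accept_post(user, issue_token(script)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
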

DVoropaev, 2017-08-16
@DVoropaev

Why do people hang locks if they can be removed?
