There are two core reasons why autorun wasn't viewed as a huge security threat:
1) As one other person already pointed out, there was no real vector in which to steal info from the client computer. There was no default email client, web browser, or even TCP/IP stack. Computers were silos where data was moved via floppy.
2) There was a reasonably fair assumption that if you put in a CD you were going to run the application installed on the app. If it had opened up in file explorer and there were files "setup.exe" or "readme.exe" or "runme.exe" -- 99% of the time those files will get run anyways.
To put it another way... using the most secure web browser on the planet today is probably a bigger known security risk in 2011 than autorun was in 1995. With that said, the benefit of a web browser is a fair bit larger than autorun.
1) As one other person already pointed out, there was no real vector in which to steal info from the client computer. There was no default email client, web browser, or even TCP/IP stack. Computers were silos where data was moved via floppy.
2) There was a reasonably fair assumption that if you put in a CD you were going to run the application installed on the app. If it had opened up in file explorer and there were files "setup.exe" or "readme.exe" or "runme.exe" -- 99% of the time those files will get run anyways.
To put it another way... using the most secure web browser on the planet today is probably a bigger known security risk in 2011 than autorun was in 1995. With that said, the benefit of a web browser is a fair bit larger than autorun.