
165 points starkparker | 5 comments
hughes No.44526023
Part of me wonders if the plug could be designed such that it's obvious when the bolts are missing. Would this have happened if it were impossible to assemble without them, or if it were easy to verify their presence?

Maybe it doesn't matter if a better design is possible - if adequate procedures exist and weren't followed, and oversight fails to catch instances of that, then anything could go wrong.

replies(5): >>44526130 #>>44526182 #>>44526255 #>>44526279 #>>44526582 #
1. xenadu02 No.44526582
The plugs are designed to be semi-permanent because they are only for emergency exits on certain high-capacity seat layouts not used by most US airlines (or any airline that has first class seats I believe). When you have more seats you need more exits.

Given their nature the original intent was probably that they were secured at the factory and never touched. But because they are convenient for access during maintenance/inspection they get used more often.

This issue, the oxygen mask, and the child restraint issue are the NTSB doing the proper "what if things had been slightly different" calculation.

Airline maintenance removes and reinstalls these doors. They could accidentally commit the same error so Boeing should change the design such that the door will not stay in place when the bolts are removed. Could be as simple as springs that force the plug open without the bolts. If the door won't stay closed without the bolts like a light switch it will be forced to clearly show when it is safe vs not.

Child restraints were mentioned partially because if a lap child had been in that row they'd have been sucked out by the decompression and free-fallen 14000 ft. It was entirely luck that it didn't happen.

Oxygen masks mentioned because the pilots had some trouble getting them on in a timely manner. If the incident had been sudden onset of thick toxic smoke one or both could have passed out before getting the mask on and oxygen flowing. That's like a fire extinguisher with a complicated pin mechanism. Adrenaline dump during emergencies ruins fine motor control, critical thinking, etc. The worst possible time to have something be fiddly and complicated. You want it to be muscle memory. So trivial a 5 year old child could do it without being taught.

And the CVR issue is just the NTSB mentioning that yet again for like the 100th time the CVR circuit breaker was not pulled so we lost the recording and any potential learnings to be had from examining them. This is a problem that just keeps happening over and over. Because it relies on pilots, after a huge emergency, to remember to pull a circuit breaker when they have a thousand far more important things to worry about (not to mention coming down from the adrenaline high) and the thing only keeps the last two hours... which was a standard set when they were continuous loops of wire before the switch to magnetic tape. All the new ones are little computers and flash chips.

replies(3): >>44526863 #>>44526883 #>>44528891 #
2. potato3732842 No.44526863
> If the incident had been sudden onset of thick toxic smoke

Pinpoint "seems reasonable" changes like that without regard for the whole system of interactions are what sank Thresher.

The "sudden onset of thick toxic smoke" is rare. It's either not that toxic or the onset isn't that sudden. You can't just design the system based on assumptions of needing to cover a rare corner case without taking a look at the whole general thing and the frequency of various anomalies and crunching the numbers to see if you're not actually making it worse. I agree that the masks should be simple and reflexive but you absolutely could compromise the whole system if you prioritize reflexive over other attributes without actually taking a full stack look at the tradeoffs in all areas. Aircraft manufacturers employ people to think about this stuff and they're frequently why "seems reasonable" changes don't get made.

replies(1): >>44527029 #
3. mrpippy No.44526883
> Given their nature the original intent was probably that they were secured at the factory and never touched

Specifically in this case, that factory being Spirit AeroSystems in Wichita where the 737 fuselage is manufactured. Part of the problem here is that Boeing in Renton didn't have processes for removing the MED when necessary on the final assembly line (in this case to rework rivets near the door). Without processes, there was one senior guy on the door team who taught himself how to do it; this was only needed a few times a year, but he was on vacation when this airframe needed the MED removed. Someone else did it (the NTSB couldn't determine who), the work wasn't tracked, and a separate team (the team literally sealing it up so it could be moved outside) put the MED back in but didn't install the bolts (which were gone).

4. xenadu02 No.44527029
That's true and part of the reason designing for aerospace applications is tricky.

That sort of thing is also one of the legitimate reasons the FAA can have for not adopting an NTSB recommendation. Requiring a seat for small children is one of those calculations. The FAA ran the numbers and assumed some portion of those parents wouldn't fly and of that portion some would drive. Some portion of flights are for physical or emotional health that would not be handled (you can calculate the increase in suicides from things like missing a loved one's dying moments). And of course driving is way way more lethal. So you have to weigh the deaths from not flying plus deaths from driving against deaths avoided if lap children were prohibited.

5. toast0 No.44528891
> Because it relies on pilots, after a huge emergency, to remember to pull a circuit breaker when they have a thousand far more important things to worry about (not to mention coming down from the adrenaline high) and the thing only keeps the last two hours...

Clearly, relying on people to do this after the incident doesn't work, but.. shouldn't this be in like the post-incident checklist?

Either a checklist for the pilot, or an incident manager... there's got to be a list of things to do, and pull the breaker on the recorder isn't going to be high on the list, but I would think it would be on it.