Let's not forget that the designer of Rijndael (AES) is also the designer of Keccak (SHA-3).
RC4, by the way, was bad even for the time. It would be worth studying how it managed to survive as long as it did, because flaws in RC4 were well known long before the browser drama.
It'd guess it was a combination of not being patented (they tried to protect it as a trade secret instead but it leaked), the general ease-of-application of stream ciphers, and the fact that RC4 in particular is so easy to implement you can easily memorise and bash it out in a few minutes.
RC4 was a state of the art stream cipher in 1987; that it took so long for a practical attack to appear, despite its wide use, is a testament to the fact that it was clearly not "bad even for the time"
RC4, by the way, was bad even for the time. It would be worth studying how it managed to survive as long as it did, because flaws in RC4 were well known long before the browser drama.