Question - how did the fix in Knots come about? Was it through limiting the size of Witness scripts? or simply targeting the op_if op_endif combination for [non]relay?

My research on this at the time... was that most Core developers thought the arbitrary data combination could easily be replicated with other opcodes, slightly changed, and repeated or reproduced ever so slightly different.

So it would be like 'whack a mole' because the exact scripts could be changed slightly again and again and filtering each time would do more harm than good.

Today, the reason for not 'filtering' is that the 90% threshold would never be met... and filtering inscriptions today would harm the mempool, fee estimation, and be ineffective regardless a net negative.

So it has not been changed.

The other explanations I've read is that larger witness 'blobs' aren't economic... the NFTs or jpegs are DoS attacks noone is really buying them. Attackers will change or alter their attack ever so slightly... because they don't care about the arbitrary data ITSELF, just attacking Bitcoin noone is buying monkey jpegs.

Which I also think is true.