Bubkes. A middlebox can transparently rewrite incoming packets' port numbers from 22 to 2200, and backwards.


Absolutely.

But in a classic UNIX network, middleboxes aren't a part of the threat model.

Unprivileged UNIX user accounts binding on TCP ports were and are. So, ports below 1024 were reserved for the root account and that was a decent protection at the time against enterprising users trying to race system daemons in binding listening sockets.

See for example https://www.w3.org/Daemon/User/Installation/PrivilegedPorts....

And even today, it still protects against an exploit kit running as "www-data" or "nobody" springboarded from a WordPress exploit.
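To see the reserved-port rule the comment above describes on a live host, here is an added example (not code from either commenter): it reads the boundary Linux publishes in the `ip_unprivileged_port_start` sysctl, then tries to bind the two ports mentioned in the thread and reports why each attempt succeeded or was refused. The sysctl path is a real Linux interface; on other systems the classic 1024 cut-off is assumed.

```python
import errno
import socket

# Linux publishes the boundary as a sysctl (default 1024); the path below is a
# real Linux interface. On other systems we assume the classic 1024 cut-off.
SYSCTL_PATH = "/proc/sys/net/ipv4/ip_unprivileged_port_start"


def privileged_port_boundary():
    """First port an unprivileged process may bind; anything below it needs
    root (or CAP_NET_BIND_SERVICE on Linux)."""
    try:
        with open(SYSCTL_PATH) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024


def try_bind(port, host="127.0.0.1"):
    """Attempt a TCP bind and return (True, None) or (False, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((host, port))
        return True, None
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def classify(port, ok, err, boundary):
    """Explain a bind outcome in terms of the reserved-port rule."""
    if ok and port < boundary:
        return "bound: reserved port, process is privileged"
    if ok:
        return "bound: unreserved port"
    if err in ("EACCES", "EPERM") and port < boundary:
        return "refused: reserved port, process is unprivileged"
    if err == "EADDRINUSE":
        return "refused: another socket already holds the port"
    return f"refused: {err}"


if __name__ == "__main__":
    boundary = privileged_port_boundary()
    print(f"unprivileged ports start at {boundary}")
    for port in (22, 2200):  # the two ports from the thread
        ok, err = try_bind(port)
        print(f"port {port:>5}: {classify(port, ok, err, boundary)}")
```

Run it once as a normal user and once as root to see port 22 flip from refused to bound while 2200 binds either way.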
