737 MAX: an aerodynamics and type certification process (rather than system safety) issue?

As more technical details of the Boeing 737 MAX and its Maneuvering Characteristics Augmentation System (MCAS) continuously come to light, it is becoming increasingly clear that the design of certain aspects of the aircraft is inadequate, at best.

However, what is not yet fully clear to me is just which aspects of the airplane those are. Whilst the subject of MCAS is a relatively complex and polarising one (with a key question being whether it should be categorised as a convenience feature or a safety critical system), I cannot help but wonder whether the current focus needs shifting away from the system safety side of things and further towards the fundamental aerodynamics of the 737 airframe that have brought about the need for MCAS.

The 737 design is now 50-odd years old, having been developed back in the days prior to jet bridges, with a relatively low height allowing the loading of both passengers and luggage without any special equipment. Equally, the design has been evolving over time, with pressures higher than ever to deliver incremental improvements on cost efficiency without the need to fully re-certify the design (and the need for costly new type ratings for pilots).

It is no wonder, therefore, that there must have been a large amount of pressure on Boeing engineers to accommodate the larger engines on what is an airframe that is essentially not appropriate without raising the height of the fuselage off the ground (and therefore increasing the length of the landing gear), with the inevitable type certification issues that would follow.

Whilst the design of MCAS itself is severely lacking (arguably due to being miscategorised as a convenience feature rather than a safety critical system), there is a more fundamental question of whether such a ‘patched’ plane should have been allowed to achieve type certification in the first place, and at what point the handling characteristics of the 737 MAX should have been considered a fundamental design flaw (both by the Boeing engineers and by the FAA) that should not simply be allowed to be addressed via (inadequate) control and instrumentation upgrades.

Distilling things down to the fundamentals: was the risk associated with the 737 MAX truly as low as reasonably practicable (ALARP)? Applying the UK goal-setting nuclear safety regulatory approach that I encounter in my work, I imagine the design would have been rejected outright on the basis that the designing of a new version of the 737 is an opportunity to design out the instability issues arising from the proposed new engine nacelle placement on the 737 MAX relative to that of the 737 NG. It is unlikely that a fix such as MCAS would be allowable on the basis of full re-design and re-certification costing too much as it would not provide a design where the risks have been demonstrated to be ALARP, particularly as even the accepted way to counteract MCAS actuation (hand-cranking the trim wheel to raise the nose) is very difficult on 737s due to another aerodynamic quirk already known to pilots for decades.

At what point should such a sequence of additive issues push us to stop and reconsider the fundamental feasibility of a new design?