As a reader of “Risks” on Usenet, I discovered this 20 years ago.
The key point is that redundancy was required - two sets of control wires from the control room to the core. The safety design folks decided that it was more dangerous to have two different holes in the containment structure than one, so the two different sets of control wires were fastened to the ceiling side by side. The result was that when one set caught fire, the other one caught fire also.
Thousands of engineers and hundreds of inspectors ... and they didn’t catch this bad design flaw that any student looking at a picture would catch.
The Three Mile Island incident was more subtle. The engineers designed a sensor to detect whether a relief valve was physically open or closed, and report the position with a green light; unfortunately, the exhaust coming out of that valve eventually corrupted the sensor. The customer engineer got tired of replacing the sensor after a few years, so he changed the green light to report whether a command had been sent or not, not whether the valve was physically open. He documented this to the operating crew.
To save money, the Three Mile Island operating crew was changed, and the documentation was not properly transferred to the new crew.
Some time later when the valve failed open (thus releasing pressure and allowing the reactor water to boil), the operating crew looked at the green light, concluded the valve was closed (when actually it meant that the valve had been commanded to be closed, but it had failed open), and did a lot of wrong things based on this faulty information. They almost had a meltdown.
The technology is finally available for a “fail-safe” reactor, but no one wants to pay to change the regulations.
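The indicator flaw described above (a lamp that echoes the last command instead of the measured valve position) is easy to model. The following is an added example, not code from the comment's author or from any plant control system; class names, the "amber"/"alarm" lamp states and the two-tick travel grace period are all assumptions made up for illustration. It places the command-echo design beside a position-feedback design that treats a dead sensor as a fault rather than as "closed" and alarms on a persistent command/position disagreement.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Position(Enum):
    OPEN = "open"
    CLOSED = "closed"


@dataclass
class CommandEchoIndicator:
    """The field-modified design from the story: the lamp reflects the last
    command sent to the valve, so a valve that fails open after a close
    command still shows green. (Hypothetical model, not real plant code.)"""
    last_command: Position = Position.CLOSED

    def command(self, target: Position) -> None:
        self.last_command = target

    def lamp(self, sensed: Optional[Position]) -> str:
        # The sensed position is deliberately ignored: this is the flaw.
        return "green" if self.last_command is Position.CLOSED else "red"


@dataclass
class PositionFeedbackIndicator:
    """Hardened design: the lamp is driven by an independent position sensor.
    A sensor that reports nothing is shown as a fault rather than as 'closed',
    and a disagreement that outlasts the valve travel time raises an alarm."""
    travel_ticks: int = 2            # assumed grace period for the valve to move
    last_command: Position = Position.CLOSED
    ticks_since_command: int = 0

    def command(self, target: Position) -> None:
        self.last_command = target
        self.ticks_since_command = 0

    def tick(self) -> None:
        # One sensor polling cycle has elapsed.
        self.ticks_since_command += 1

    def lamp(self, sensed: Optional[Position]) -> str:
        if sensed is None:
            return "amber"       # sensor failed: do not guess the valve state
        if sensed is not self.last_command:
            if self.ticks_since_command <= self.travel_ticks:
                return "moving"  # still within the travel grace period
            return "alarm"       # commanded closed but sensed open (or vice versa)
        return "green" if sensed is Position.CLOSED else "red"


def stuck_open_scenario(indicator, ticks: int = 5) -> str:
    """Command the valve closed while it actually stays open (the failure in
    the story) and return what the operator sees after `ticks` sensor cycles."""
    indicator.command(Position.CLOSED)
    for _ in range(ticks):
        if hasattr(indicator, "tick"):
            indicator.tick()
    return indicator.lamp(Position.OPEN)


def dead_sensor_scenario(indicator) -> str:
    """The corroded-sensor case: the sensor reports nothing at all."""
    indicator.command(Position.CLOSED)
    return indicator.lamp(None)


if __name__ == "__main__":
    print("command-echo lamp, valve stuck open:", stuck_open_scenario(CommandEchoIndicator()))
    print("feedback lamp, valve stuck open:    ", stuck_open_scenario(PositionFeedbackIndicator()))
    print("feedback lamp, sensor dead:         ", dead_sensor_scenario(PositionFeedbackIndicator()))
```

The two designs answer different questions: the command-echo lamp answers "what did we ask for?", the feedback lamp answers "what is the valve doing?". Only the second is safe to act on, and it has to have an explicit state for "the sensor is not telling me anything", because defaulting a missing reading to the benign value is exactly what turned a failed valve into a green light.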