LinkedIn at one point were continually pressuring people into handing over their email credentials in the name of making it easy to find your contacts.
So yeah, LinkedIn have never been exactly a bastion of IT Security.
No user ever had a real use case for seeing a button that says "invite X" that doesn't send an invite on the platform, but instead sends an email to X who doesn't have a Linkedin account.
And if you decline, it asks you again. Two times using different wording.
You'll be surprised how many features "tech" people think nobody uses (Like a share button on a website), are actually very popular. That's likely the reason that feature still exists as everything is most likely A/B tested to death.
I was not only talking about that though, but also that they can build shadow profiles and recommend people to you that way.
So yeah, LinkedIn have never been exactly a bastion of IT Security.