Why is the AES-256 encryption used for cpassword considered a security weakness in Active Directory?

Although AES-256 is a strong encryption algorithm, Microsoft made a critical mistake by publishing the private key used for encrypting cpassword in Group Policy Preferences. The key is static and identical across all Windows domains, meaning anyone can download it from MSDN and decrypt any cpassword value. This effectively makes the encryption useless, as shown in Domain Penetration - Recovering Passwords Stored in Group Policy via SYSVOL.