I think you or your friend might be conflating malleability, which was a UX issue in 2013 that caused people to be confused about whether a tx was confirmed or not, with the disabling of a handful of script opcodes in 2010 for security reasons (they had buggy implementations and were the cause of a severe vulnerability).
Edit for detail: In 2010 the "worst bug in bitcoin's history" was discovered, which let anybody spend ANY output on the chain, due to an obscure feature of the bitcoin scripting system allowing the signature script to simply "return true" before the actual script is executed. This was when OP_RETURN's semantics were changed to unconditionally fail the script if ever encountered rather than the short-circuiting behavior implied by its name and present in early versions. A quick emergency audit was simultaneously done and ALL opcodes that were unused at the time and moderately complex to review were "disabled" as a precaution.
It's not clear that the developers understood at the time that they would not be able to re-enable those opcodes for existing scripts without a hard-fork. The distinguishing between soft-forks and hard-forks were still being worked out back then. So large parts of script were in fact removed, but it was done as part of an emergency bug-fix and the permanent disabling may not have even been intentional.
The disabled opcodes weren't really that important to smart contracts though, at least not without additional primitives that bitcoin never had. There are various proposals to add these features in to segwit script or the upcoming taproot extension.
Edit for detail: In 2010 the "worst bug in bitcoin's history" was discovered, which let anybody spend ANY output on the chain, due to an obscure feature of the bitcoin scripting system allowing the signature script to simply "return true" before the actual script is executed. This was when OP_RETURN's semantics were changed to unconditionally fail the script if ever encountered rather than the short-circuiting behavior implied by its name and present in early versions. A quick emergency audit was simultaneously done and ALL opcodes that were unused at the time and moderately complex to review were "disabled" as a precaution.
It's not clear that the developers understood at the time that they would not be able to re-enable those opcodes for existing scripts without a hard-fork. The distinguishing between soft-forks and hard-forks were still being worked out back then. So large parts of script were in fact removed, but it was done as part of an emergency bug-fix and the permanent disabling may not have even been intentional.
The disabled opcodes weren't really that important to smart contracts though, at least not without additional primitives that bitcoin never had. There are various proposals to add these features in to segwit script or the upcoming taproot extension.