Jenkins is committed to remain backwards compatible. In the case of plugins detached from core, this means shipping with the plugins, because otherwise the upgrade experience from a version when it was a core feature will be horrible. In the case of LDAP plugin, it only was detached in 1.466, not even two years ago.
the version bundled with Jenkins is old and buggy
You mean unlike 1.10 and 1.10.1, released not even a week ago, which both contained serious bugs? Note that occasionally, bundled plugin versions are updated. I guess the approach there is safety over being up-to-date (if you use Subversion Plugin, you know what I mean!). If this is a concern for you, it's trivial to create a pull request that changes the bundled version (here's the relevant file).
One possibility would be to only extract bundled plugins if there's already a JENKINS_HOME with e.g. global config.xml that indicates a version older than when it was detached. But that should probably be covered in the context of JENKINS-9598.
I recommend this should be resolved again.
Effectively implemented towards 2.0 as part of
JENKINS-9598:https://jenkins.io/2.0/