It's how you get a URLConnection via the openConnection method so they can't really get rid of it without providing a replacement.
URLConnection itself has some quirks that may not be expected such as automatic HTTP connection pooling where close makes it available for reuse.
There are a lot of quirks even in the most basic parts of the standard library. Needing Arrays.equals() due to them initially forgetting to override Object.equals() is one of those. Bad enough remembering to use String.equals(), etc. due to it not having a generic == operator.
The heavy usage of reflection, dynamic class loading and variants of those like the overly powerful Java object serialization in the ecosystem is pretty gross. It'd be be nice if there was a simple way to disable the most horrible parts of it without the SecurityManager bloat.
If you compare it to Python, Ruby and other dynamic languages it's definitely not nearly as bad when it comes to those things. It's worse than most statically compiled and statically typed languages because it's very much a dynamic language. It's just barely statically typed...