The rsobj wouldn't get updated unless a new version is available. Probably I did some bug fixes and that is why the file got replaced.
To disable cross site scripting protection globally you can just update the property in the rsobj.php file. CrossSiteProtect is set to true and you can just update it to false.