First, it wasn't even the developer who compromised people, here; second, scripts in most cases are orders of magnitude less dangerous than a windows executable.

And, in many cases you can get some protection from a developer going rogue (or not writing perfect code), it's not an all or nothing.