alt Hacker NewsOne of my friends had his credentials stolen from a trojan infostealer masquerading as a video game, sent from a rando who he mistakenly trusted. If only it had to request user permission to access files outside of its folder. There's a spectrum between full access and full lockdown.
If every app requests that permission, no app requests that permission. Also your passwords would be in your user folder so the app that needs the passwords could read them.