Sure, but what of significance has changed? Every time you run a program, you're trusting the developer not to do nefarious things like reading your Chrome credentials, because the only assurance you have is the developer's word about what the program does. As far as I can tell, that hasn't changed at all. I'm not saying this is okay - there are reasons why this is a bad thing to do, I just don't see how no longer being able to trust the developer not to be malicious is one of them.