[backing]

> I agree that it doesn't need to be about security

This.

You're litterally using a personal computer with at least personal data on it, passwords in a password manager, passwords in your browsers, website account sessions (!) all on your drives and folders. Everything accessible by ALL programs you execute.

The more info Javascript has and therefore the server, the more attack vectors open up to just inject code into your browser and leverage code execution on host (recent CVE on firefox and Chrome !).

Or into your slack electron's chrome. Or any spyware app.

All your keystrokes accessible also !

Consider using a virtual machine or container to isolate the apps from your data so that they can't access it. If needed, mount a folder between host and guest for purpose-only sharing.

Or at least think about it or other measures.