[palant]

Yes, you put considerable trust into applications running on your system. But I hope that you don’t just install random applications. You probably choose only vendors where you can reasonably assume that they don’t want to accept the backlash of having shipped a malicious application.

Now shipping a malicious application is always a risk. This application release is evidence of misbehavior, should someone choose to analyze it. This risk is almost non-existent with dynamic web applications. It would have to be the one targeted user who analyzes megabytes of code.

To sum up: there is a good reason why websites are sandboxed and don’t get any access to your system.

Note: I am the author of this article.