Without the protected path, how do you know that a malicious program doesn't use a low-level API to start a payment from your account without you noticing ?
1- You don't, but it's not a real problem since non-cryptocurrency payments are reversible and trackable, so scammers won't use them. They'll rather exploit analog ways to get money out of you, recent example: https://www.youtube.com/watch?v=VrKW58MS12g#t=7m18s
2- You don't, but sandboxing should be enough to isolate untrustworthy apps from OS-level APIs that could do what you're afraid of.
2- You don't, but sandboxing should be enough to isolate untrustworthy apps from OS-level APIs that could do what you're afraid of.