[jonathansampson]

The browser is secure "to begin with" because it is designed to adapt to the moving threat landscape of the Web. Attackers aren't static; we don't want to their targets to be static either. A browser that doesn't adapt rapidly, dies.

[freediver]

This is what the automatic update mechanism is for (and which should be opt-in as well like an OS would do it).

[jonathansampson]

You don't want to tie everything to one, single update. That means you have to delay smaller filter-rule updates until you deliver larger app-based updates. Or, you have to force a restart of the app to apply changes to filter lists, which is also not idea. Having a component-based system, where items can be updated and managed individually, is far better for everybody.