[LivelyTortoise]

It's funny to see this on HN now - I think this is a real issue, particularly as a dev with all the random libraries we download and run (cough npm cough), and I just got finished with protecting myself against this issue.

What I did: my MacBook Pro now has two separate MacOS installations, each on a separate partition with full disk encryption/filevault enabled, and separate passwords/encryption keys. One is strictly 'personal' - it has the bare minimum of software installed, and everything remotely sensitive (email, banking, passwords) happens here. The other is where I code and install whatever I want, and nothing personal touches this OS.

It can be inconvenient during the day, but I also treat my smartphone as a secure device (iOS) so there's that.