You have to balance the this ease of use with increasing potential attack and fingerprinting surface. Correct approach is something in the middle - a separate off-by-default setting or recommended official extension.
Chrome has the option to turn off APIs by default. I do it for my installs. I think that disabling that option for everyone is not a good approach as average user will never figure out how to enable it, making that technology effectively dead, so we get back to installing host software.
Sometimes security and usability contradict with each other.
Sometimes security and usability contradict with each other.