An OS doesn't protect you from outside, it protects the system from apps and users
Imagine if your OS asked you if you would like to allocate a block of memory at address X everytime it does
That's what to a regular user the prompt means
They just click 'Yes Forever' and are done with it
But that's still an application settings, it has nothing to do with being an OS, browsers are mostly a system for distributing malware in the easiest of ways
At the cost of being as complex as a full OS, without any of the benefits
Wanna bet that if vendors started distributing naked browsers and the extra functionality (of course approved by W3C as standards) were bundled in plugins, which is entirely possible, half of those would linger there with zero downloads?
Several critical or potential annoying functions have opt-in prompts by default, unlike your typical desktop OS.