Vetted packages are great, but they aren't the end of all security problems. Good security needs defense-in-depth.
It's rare but not unheard of for someone to be able to sneak malicious code into a vetted package. It's extremely common for vetted packages to have security vulnerabilities that could be exploited.
I don't want someone who finds a vulnerability in a fart app to be able to escalate that to attack other apps on my computer.
I trust my accountant with a lot of sensitive data but I don't give them the keys to my house. I trust a friend with my house keys to water plants while I'm gone, but I don't give them the password to my bank account.
What good security needs more than anything is proportionality. After all, if the only criterion you care about is how secure your computer is, then you should simply turn it off, because nothing else is going to beat that.
> It's rare but not unheard of for someone to be able to sneak malicious code into a vetted package. It's extremely common for vetted packages to have security vulnerabilities that could be exploited.
Ok, when is the last time you or anyone you know personally sustained any nontrivial damage because of such an event? You can make up hypotheticals to scare people all you want but the simple fact is that no, people are not actually in any more danger on their computer than they are just being alive.