Comment by pixl97

>Violation of the principle of least privilege

I completely agree with this, programs are too open most of the time.

But, this also brings up a conundrum...

Programs that are wide open and insecure typically are very forgiving of user misconfigurations and misunderstandings, so they are the ones that end up widely adopted. Whereas a secure by default application takes much more knowledge to use in most cases, even though they protect the end user better, see less distribution unless forced by some other mechanism such as compliance.