Sure, browsers had three decades of adversarial testing to evolve into sandboxes, but what are you going to do in case of something like the xz backdoor in a desktop application? It's no longer a hypothetical in 2020s.