In the end both kinds of systems are necessary: Locked-down with trust managed by an authority for less tech-savvy users (or users who do not want to manage their own security and are okay with the drawbacks) and open systems with the responsibilities put into the user's hands.