Hm, they could also have tagged the file as "came from the Internet" in the filesystem metadata associated with the file itself. That way, the "came from the Internet" tag is only around as long as it needs to: for the lifetime of the file. Avoiding the privacy problem, but also more sensible for another reason:
If you'd rename or copy the file, the "came form the Internet" tag will remain or be copied with the file. With the sqlite database approach, either this association breaks, or you need to check the database every time a file is copied, moved or renamed and if it's in there, update the database, if you want to be able to track a file when it's copied or renamed.
I don't know if OSX has extra logic for this, or if they just allow the association to break. But with the metadata tagging approach, you only have to run the tagging logic when the file is downloaded (to set the tag) and when it's about to be executed (to check the tag), not with every other file-operation.
A strange choice, IMO: the sqlite approach makes it harder to achieve the intended goal because you need extra effort/logic required to track a file as it's copied, renamed or moved, while at the same time it makes it easier for an unintended goal: tracking users by keeping the information about the file around even when it's deleted and the "came from the Internet" warning is no longer useful.
As I mentioned in another comment, apple do tag "com.apple.quarantine" as an extended attribute on the program folder/zip itself. The download log has nothing to do with the warning dialog.
If you'd rename or copy the file, the "came form the Internet" tag will remain or be copied with the file. With the sqlite database approach, either this association breaks, or you need to check the database every time a file is copied, moved or renamed and if it's in there, update the database, if you want to be able to track a file when it's copied or renamed.
I don't know if OSX has extra logic for this, or if they just allow the association to break. But with the metadata tagging approach, you only have to run the tagging logic when the file is downloaded (to set the tag) and when it's about to be executed (to check the tag), not with every other file-operation.
A strange choice, IMO: the sqlite approach makes it harder to achieve the intended goal because you need extra effort/logic required to track a file as it's copied, renamed or moved, while at the same time it makes it easier for an unintended goal: tracking users by keeping the information about the file around even when it's deleted and the "came from the Internet" warning is no longer useful.