The security is still in the hands of the user. An app can ask for a handful of permissions that the user can just agree to. The user is still compromised, but now you can pin even more blame on the user. That doesn't help any.
And for the last several years plus, the very vast majority of Windows malware has been similar in nature. But that's never really stopped the Apple faithful from being in willful denial about the same.
