A major part of that is, I think, that desktop OSes are, “by default, insecure” against local software. Like, you install a program on the system, it immediately has access to all of your data.

That wasn’t an unreasonable model in the era when computers weren’t all persistently connected to a network, but now, all it takes is someone getting one piece of malware on the computer, and it’s trivial to exfiltrate all your data. Yes, there are technologies that let you stick software in a sandbox, on desktop OSes, but it’s hard and requires technology knowledge. It’s not a general solution for everyone.

Mobile OSes are better about this in that they have a concept of limiting access that an app has to only some data, but it’s still got a lot of problems; I think that a lot of software shouldn’t have network access at all, some information shouldn’t be readily available, and there should be defense-in-depth, so that a single failure doesn’t compromise everything. I really don’t think that we’ve “solved” this yet, even on mobile OSes.