At this point it's not even explicit - it's an implicit decision of most companies, and even OSS projects, because it became part of the "common wisdom" of computing, part of the zeitgeist.
This is where the idea of "a computer as a bicycle for the mind" died.
On the topic of "computers as public transport for the mind"...
A project I work on has some processes that I need to run that can only be initiated through the Azure DevOps Pipeline interface, and these need a "worker agent" on a VM or something, and there is only one worker agent, and some of the jobs take half an hour or more.
So the effective outcome is that despite every member of the team having a full multi-tasking computer on our desk (A multi-tasking computer each! Sometimes more than one each! Plus loads of cloud VMs), we can only run a single task at a time between us and we have to coordinate scheduling manually.
Is this the future?
It is like this because the process involves "secrets" that are meant to be hidden from the team but are accessible to the program when running inside the Pipeline. If it weren't for this secret-hiding, I could just run the process manually on whatever computer I want.
And the secret-hiding doesn't even really work, because I can freely commit code to personal branches on the repository that the Pipeline runs from, and I can run the Pipeline on whatever branch I want, so I could commit a program that prints out the secrets. Ah, but Microsoft has thought of this: if any of the secrets appears in the output, they get replaced with "***".
(Let's skip the part where this accidentally leaks a "secret" username, where I know a particular piece of text that should be output but instead all I see is stars...)
The secret-hiding doesn't work because I can just make the program output base64 of the secret. I don't do this because I don't want to start pasting secrets around in places they shouldn't be available, but it is sometimes tempting.
Anyway, welcome to the future of computing. Thanks for listening to my TED talk.
> And the secret-hiding doesn't even really work, because I can freely commit code to personal branches on the repository that the Pipeline runs from, and I can run the Pipeline on whatever branch I want, so I could commit a program that prints out the secrets. Ah, but Microsoft has thought of this: if any of the secrets appears in the output, they get replaced with "**".
Github Actions at least allows restricting secrets to be exposed only to specific branches, and in Gitlab you can enforce that pipeline steps using critical secrets can only run in protected branches, so you'd need to fool a maintainer with a malware-laden pipeline change in a merge request first.
This is where the idea of "a computer as a bicycle for the mind" died.