
You don't trust the OS to do that kind of safeguarding?


Desktop OSes typically don't protect one application's data from another, or the system's data from an application. At least not out of the box, without configuring some kind of sandboxing solution.

The user-based permissions model is an outdated dinosaur from a time when we could trust the applications we run on our systems to act on our behalf. Applications now act on the developer's behalf, often against the user. An application "running as me" should not have access to every resource (file or peripheral) on the device that I have access to. That's a huge blast radius.

Operating systems really need to start treating developers as adversarial from a security/permissions point of view.
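As an added illustration of the "sandboxing solution" the comment above refers to (this is example configuration written for this page, not something the commenter posted): a Flatpak manifest is one of the common ways a Linux desktop app gets its own permission boundary instead of inheriting everything the logged-in user can touch. The app-id `org.example.Notes`, the `notes` binary and its module are assumptions made up for the example; the `finish-args` flags are real Flatpak options. The commented-out `--filesystem=home` line is the wide-blast-radius setting, and the line after it is the narrowed form.

```yaml
# Constructed Flatpak manifest for a hypothetical note-taking app.
app-id: org.example.Notes
runtime: org.freedesktop.Platform
runtime-version: '23.08'
sdk: org.freedesktop.Sdk
command: notes

finish-args:
  # Display access: Wayland first, X11 only as a fallback. A plain
  # --socket=x11 would let the app snoop on other windows' input.
  - --socket=wayland
  - --socket=fallback-x11
  - --share=ipc
  # Weak setting (deliberately disabled): exposes the user's whole home
  # directory, i.e. the "running as me" blast radius the comment describes.
  # - --filesystem=home
  # Narrowed setting: only a dedicated subfolder of ~/Documents,
  # created on first launch if missing.
  - --filesystem=xdg-documents/Notes:create
  # Nothing else is granted: no network (--share=network is absent),
  # no devices (--device=all is absent), no host D-Bus session bus access.

modules:
  - name: notes
    buildsystem: simple
    build-commands:
      - install -Dm755 notes /app/bin/notes
    sources:
      - type: file
        path: notes   # assumed prebuilt binary, not part of this example
```

The point of the pairing is that the sandbox boundary is declared per application at packaging time, so the OS can enforce it regardless of which user launched the app; anything not listed in `finish-args` is unavailable unless the user grants it through a portal prompt.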


Macs have started prompting for confirmation when software requests access to some directories. It’s better than nothing, but the OS doesn’t really have any kind of tutorial explaining how the permissions work and which directories are covered.

