...it's no better than the malware than it pretends to protect you from
The drive to make very web page look like a native application (and, ironically, increasingly every app to look like a web page) hasn't helped either.
When I started developing for the web (early '90s), we kept three principles in mind:
 do all critical processing server side where you can protect it from misuse
 make all significant content client agnostic so everyone can read it regardless of the tools they're using - the text of any web page should be readable in Lynx.
 allow presentation to degrade gracefully for less competent clients
All three principles have long been abandoned, resulting in both massive opportunities for malicious actors and exclusion from web resources of anyone who doesn't subscribe to the IT churn (e.g. 70-odd versions of Firefox in 10 years with increasing backward incompatibility and the "deprecation" of PHP functions, breaking existing code).