Re: botnet
"The whole thing is insane"
Yes indeed, but it serves two purposes for the hosts:
[1] it protects the developer from having to think about integrating or validating the totality of the code, which speeds up development, saving money
[2] it reduces the traffic load on the hosting servers, which saves money
Both of these purposes provide advantage to the providing host, so we're probably stuck with it, regardless of any common sense or hazard to the user.
As we are (literally) forced to rely on the web more and more to run and maintain our societies, it becomes ever more dangerous to do so. Ultimately, the entire bubble will collapse, by which time we'll have no idea how to pick up the pieces.
At that point, to loosely quote Monty Python, "Is this the end of the World as we know it" - "Yes" - "Oh"