Yes, it's always "one malicious update away", but what I'm saying is different to that.
You're talking about "installing" a change, and talking about more about their capability to change what happens with your data.
I'm talking about 1) the effort required to _write_ the change and -- more importantly -- 2) the potential backlash being different as to whether it's a modification of an existing functionality vs an entirely new type of functionality. This second point is a major one, because it would be seen as much worse if it looks to the public like they've gone out of their way to do something wrong, and would be much more damaging to their reputation. IMO anyway.
You're talking about "installing" a change, and talking about more about their capability to change what happens with your data.
I'm talking about 1) the effort required to _write_ the change and -- more importantly -- 2) the potential backlash being different as to whether it's a modification of an existing functionality vs an entirely new type of functionality. This second point is a major one, because it would be seen as much worse if it looks to the public like they've gone out of their way to do something wrong, and would be much more damaging to their reputation. IMO anyway.