
The bar to write secure desktop software is significantly higher than for browser extensions. Especially with all the Electron crap these days, you're one XSS away from full-blown RCE.


Absolutely, but the short- and long-term risk posed to most by installing random browser extensions willy-nilly is still almost certainly higher than that of instead opting for vetted desktop apps, especially if using PWAs in place of Electron apps where possible (which I do).


Desktop apps are no more vetted than Firefox extensions.


I’m talking about community vetting. It’s usually easier to find discussions on the internet where people have discussed and scrutinized desktop apps (e.g. “this app phones home”) than it is to find the same for most browser extensions (which are often only heard about after having been turned into malware).

The tooling is often better there too, e.g. one can keep a short leash on app network activity with Little Snitch and similar but I’m not aware of an equivalent for browser extensions.



