Well yeah, that just requires a consensus on what is trustworthy. There are some things that are trustworthy, and you need to have some way to identify that, if you are going to protect yourself.

But that just shifts the blame to the user, who is a non expert, and we don’t really have good ways to identify safe software products. There’s stuff like CSA for physical products. It’s short-sighted to say “well if you don’t know, use nothing”, because that’s not going to happen.