This is a really long-standing battle between user accessibility and user freedom. Any time a software system or platform or OS allows for people to do whatever they want without restriction, you end up with thousands of compromised systems out there. The alternative, in the past, has been to lock everything down unless users go into some kind of "Advanced" mode or "Developer" mode but then users just get tricked into turning that mode on anyways or more advanced users hand wave those restrictions away for less savvy users without explaining any of the implications.

This is the same pattern that happened with IE where users would install all kinds of toolbars accidentally and then get tons of data stolen or when the first iPhone was jailbroken and everyone wanted all the cool jailbreak features. People would jailbreak the phones of their parents, siblings, relatives, friends, etc. without really every explaining what was happening and what the potential pitfalls of that are.

Now, unfortunately, we're at the same impasse with browser extensions. They're super convenient for most people and are widely used but there's another vector of attack for people that aren't as savvy and don't understand the consequences. Especially when it comes to browsing history, payment data, and passwords, it's so easy to compromise a system now when you can hide it in something like a browser extensions.

The real answer is to do a better job educating people about what everything is but no one wants to do that. More skilled users just want to bitch about what gets taken away from them personally without acknowledging the giant elephant that is ignorance. There is so much advanced technology out there now that people don't even understand the consequences of the most mundane actions.

In my opinion, Apple's trying to do something about that even if it comes at the expense of a few power users losing some conveniences. If their past history is any indicator, they will bring back or improve up on this functionality so that power users get it back somehow but, in the meantime, the bigger and more pressing issue is what takes precedence.

There might be technical reasons why browser extensions are particularly problematic and it might make sense to phase them out in their current form, so, to be clear, that's not what I'm getting hung up on. But there seems to be a broader acceptance of Apple's vision for a nice walled garden where users are safe from everything, especially themselves, and criticisms of this are just "bitching" from people who need to see the bigger picture. I'm sorry but I don't accept that.

Mobile is the primary user environment for a whole generation of kids and millions of people coming online in developing countries around the world. What we're bequeathing them is worse than anything in early-2000s Slashdot's worst paranoid nightmares. Billions of iPhones only load OS images signed by Apple and jailbreaks are aggressively patched as urgent security issues, guaranteeing vendor lock-in. Third-party code is too dangerous so users have to get it from a vendor-controlled app store and sideloading is forbidden for security reasons. You can't have browser extensions because they can see too much, so now you have to hope that Apple implements an API for whatever you were trying to do. There's a weird double standard where the tech literati are fine with things on mobile that they would never accept on their desktop. I guess it's because we have the luxury of putting our phones away and retreating to our "real computers" to scratch our tinkering itch. Not everyone has that privilege, or inclination. If the freedom to tinker means anything to you then mobile shouldn't be an exception.

I don't think the walled garden is even necessarily good for the ill-informed or careless users we're trying to protect. Checking out the "Advanced" mode is how users learn. While it may be dangerous for a casual user to be able to run a command or make a tweak they found recommended on some website, it also can be incredibly helpful - software doesn't always work correctly or the way that you want it to, and there's not always a nice button that does exactly what you need. And there's a real danger of the browser and the other public API surfaces calcifying to only permit what Apple thinks about ahead of time, smothering innovation that could have genuinely benefited users. Imagine if computers followed this philosophy from the beginning. I doubt users would enjoy an app store where user input (text only, of course) is sent securely into the app's stdin and output is text fed securely from the app's stdout to the screen, with no interference permitted by potentially insecure code attempting to provide things like scrollback because it could see all of the user's activity.

So yes, protecting users from the worst malware can be a thing but it's not as obvious as you make it sound that this should necessarily entail removing agency from the user. By aiming for the lowest common denominator user, Apple is depriving everyone else of real advantages. And, I would argue, producing a sterile and stilted experience that's best for no-one.