Except package repositories have maintainers, who tend to be trustworthy parties. Compare the number of supply chain attacks Debian's apt repos have compared to, say, npm.
Have you considered talking to people instead of imagining their response? Because regular people seem kind of fed up, and we're still over here cramming insecure computers into everything.
In what way? Good luck using this thing if the network is down, or if the website is down, or if DNS is down, or if the domain expires, or if the author disappears. A program you download and run is yours forever, a website can disappear tomorrow, or get acquired and get enshittified. It happens every single time, and then there's a thousand-comment thread here, until the next web app that everyone loves, and the cycle repeats itself. Do we never learn? Am I taking crazy pills?
Probably the same features that computers have had since the 1960s, but nobody writes native applications anymore. Guess I'll have to pass on this one. I wish Chrome weren't the only operating system people chose to write software for.
Devs don't know how to write software that doesn't immediately balloon to gigabytes of memory use for a "hello, world" application. Seriously, they've just never done it.