
It's very hard to accidentally give a random guy access to your Gmail inbox. Doing so would require you to opt in to a dialog clearly and explicitly stating that you are giving said permission to a developer.



You’re dismissing the observation that users habitually click accept or continue when prompted with a dialog. Sure, you can blame this on the users being lazy but it becomes ingrained into users when everything they access has a dialog, especially when that contains terms of service that would be twenty pages long in paper form (slight exaggeration). I cannot even count the number of times I’ve had conversations with people when observing this behavior. So many users inherently trust that what they’re agreeing to is not only safe, but widely accepted. After all, why else would the service be so popular and have so many users—“Someone out there had to make sure this was legit before me.”


I'm suggesting a UI feature, the same as the one GitHub has when deleting repos: clearly input the full name of the repo, or in this case, maybe input "I UNDERSTAND" in order to proceed. This could be a browser plugin maybe...

Access to my personal email would be pretty much security game over for me as far as I can tell. Other people might feel otherwise.


"Log in with your Gmail details to do X"

This throws up all sorts of red flags with us, but not with most people. It's easy to not realise what's going to happen here.



