Well, if there is a proper permission system to go with it I don't think that's a bad thing. We want web apps to become as powerful as desktop apps, don't we?
When it comes down to end users permission systems never work. Let's take Android as example. It allows you to view fine-grained permission list for each application which you are going to install -- that's good, right? For end users -- not so much. They click "OK" just to remove all this useless information and install their application right away.
Permissions on Android suck because they aren't fine-grained enough. Maybe today I want an app to have this privilege but not tomorrow. Maybe I want this feature that requires this permission, but not that feature that requires that permission. Rather than a blanket EULA-style shrink wrap grant of permissions up front.
I think it's true that the Android permission system is not very good; an application with zero permissions can read everything on the SD card. However, I'd like to think this is just a weakness in Android, rather than proof that permissioning system for end-users don't work.
Are there any other recent examples of poor permissioning?
Maybe the fact that programmers are typically more considerate about this, but it has no "real" benefit to end users, leads to the whole design/workflow not getting much attention.
