Re: I thought containers were a thing now
"Most applications don't need to ..."
I think that one is "citation needed" but even if it is true it is not relevant. If you have existing files, written by some other app, my malware can offer to do something helpful with them. That's quite a common pattern for utilities. They provide that little extra feature or capability that wasn't provided in the original app, or they bring together two apps to increase the value of both.
Of course, once the end-user has helpfully pointed me in the direction of some data that I know how to compromise (Thanks, end-user!) I can update it and "helpfully" introduce some vulnerability that my friends can exploit.
"their 1960s pre-network, timesharing model of "security" ..."
Don't hold your breath on that one. The fundamentals haven't changed. If you lose physical security, it's game over for the hardware. If you run un-trusted code, it's game over for that security context. Sadly, the solutions available haven't changed either. There's still no way to establish trust between two parties that know *nothing* about each other. Certificates are an attempt to provide *some* trustworthy background information, but the actually trustworthiness of the various CAs over the years has been patchy.