"I'd be much more concerned about a security model that prevented applications grabbing data without the user being aware of it and sending it off to places the user has never heard of "
I think you need to add a few more things along those lines. One being to stop the OS itself doing the same thing. Another being to protect malware vandalising rather than grabbing the data. The third being to prevent the system from being hijacked for Bitcoin mining, spamming, DDOS or anything else.
Those are the current concerns. There's always the possibility of something new coming down the line next year.
Sad isn't it? The main criteria for an OS in this day and age are more centred on what it needs to prevent than on what it needs to facilitate. I suppose the explanation is that the last several decades have been spent on providing facilities and not enough on security. It's time to redress the balance.