As a threat model, it's a little outmoded. With the browser being an application platform, you do this every time you click a link. There's something sinister about considering a local open source application as dangerous but a closed source "cloud" app as safe.