Apple knows and relies on the fact that a regular Mac user would be intimidated by requiring a terminal command: `sudo spctl --master-disable` to enable un-trusted apps!
EU, FTC, et. al. need to look into this monopolistic behavior, where Apple constantly cock blocks anything it hasn't blessed, the fee for the blessing - a cool $100/year, assuming they don't start arbitrarily rejecting the said blessing, as is the case with their iOS app store.
Apple's entire marketing strategy revolves around customer empathy, but their actions don't
But, no security defaults with either Mac, Linux, or Windows stops an app that has user level access from having access to all of the user’s documents - except for apps that are either in the App Store or voluntarily sandbox themselves.