
No but what I'm saying is, given other exploits, this could be one additional hurdle for attackers. I.e. right now, if they figured out how to bypass the prompt, I believe (?) they still couldn't install a binary that isn't signed by Apple.


Apple developers are smart enough to sandbox a browser and have the installer processes secured enough, there are so many ways to do it.


The point is that every layer helps. It's bad security practice to build a single layer of defense and call it a day. People always find a way through.


Who said only 1 layer?

You sandbox the browser

you put the installer on a different user

you make the installer always open a popup

you ask for the password/pin

If a JS script can bypass all of this then you have a bigger problem; the malware developers can easily have a dummy app already in the app-store that is signed by Apple. The installer signature is the last thing you should worry about in this case (better disable JS now).


You are correct that the walled garden contributes to security by creating "another hurdle" for attackers to overcome.

Nobody is arguing that Apple's approach isn't more secure; they are arguing that the tradeoff (an additional layer of security vs. the right to install the software of your choice in a computing device you paid for) is not worth it.

There are countless examples of this. Requiring everyone to strip completely naked to get on an airplane would absolutely act as an additional hurdle for a person with nefarious intent, but we don't do that because we acknowledge that there must be a fundamental tradeoff between our safety and our freedoms.



