If the choice is between a webapp and a native app the webapp is going to give users more control and a choice of the platform they want to view it on.
I may be in a minority but I still want to run on desktop linux with an ad blocker or vimium.
Also, when pi-hole and mitmproxy are our only options to know what our device is doing and to block things we don't want, then we've lost. The web browser is basically the last bastion of control that we have with its devbar and networkbar and all. Blocking content/requests is something our devices should be able to do themselves.
It's a miracle of history that we have the browser, and it's hard to imagine us having it had it been invented today. We need to fight to keep it, not dismiss it with "ugh web tech amirite?" while we regress to native app black boxes as our only option.
No applications installed through the Mac App Store have permission to read your documents unless you explicitly allow that. And you can revoke that access at any time by going to System Preferences… > Security & Privacy > Privacy > Files & Folders.
Your response entirely fails to address the parent's concern about security. It's like responding to a RCE in your backend with "yeah it's there but we'll trust the users to not use it"
I do not understand your example. It would not be the user triggering the RCE but rather a 3rd party. In addition I do not see how it fails to address their concern.
Cookies or use tls authentication.
> And how would we make offline webapps which don't store anything on servers?
Don't make webapps in the first place.