They don't do that. Apple userspace has continually got more secure too.
One simple example: recent versions of macOS run all apps inside a sandbox, even those that don't opt in. One thing the sandbox blocks is apps modifying each others files, which up until then had been a major weakness of the security system (signatures of a bundle were checked at first-run, but not on every execution).
One simple example: recent versions of macOS run all apps inside a sandbox, even those that don't opt in. One thing the sandbox blocks is apps modifying each others files, which up until then had been a major weakness of the security system (signatures of a bundle were checked at first-run, but not on every execution).