Comment by crimsonnoodle58

11 hours ago

> there's no reasonable threat model where something would be given unrestricted access to user env, but also be untrusted

What like a nefarious vscode extension, or npm or python library like we have seen many many times over the past 6 months.

I think you have some holes in your threat model..

PS. A simple VPN back to your static IP enables roaming.