Zero disagreement but GNOME I don't think is the one in a position to fix this as I'm not aware of any implementation of the better application level security model that doesn't require a lot of kernel support.

For some reason the OS can manage to ask me about what windows I want to screen share, but not about if i want to share secrets between apps or not? I don't see how this require kernel support - it just needs people recognising it as a problem that is wanting to spend the time actually solving it.

I mean kinda yeah. Literally any program running as your user can connect to dbus, grab your secrets and slurp your home directory. Flatpak 'solves' this issue by putting the program in a sandbox that can't talk directly to dbus and proxies the messages with a filter.

The thing you need the kernel for is to attach meaningful identities to programs and restrict them without needing to sandbox them. And there is a ready made solution to this, one that dbus is already aware of and can use natively. But on systems where it's available a lot of users immediately disable it—SELinux.

There's precious little evidence of these sort of things being problems for linux desktop users, in practice.

Because no one cares about 3% of desktop users, when much juicier and larger targets also exist.