The problem Outlook had a few years ago was exactly the opposite. A completely closed system, set up with insecure settings by default. It would run the scripts inside an email when you viewed it, and did not require the user to click on anything. The idea was to make things easier for the user. How's that for ironic? :)
But Windows is open, and that virus .exe runs with no "authorization" from Microsoft. Your argument of insecure by default is a red-herring in the current discussion.
So you have to be defensive in your use of more open systems, because anybody could have written malicious code for you, and you're lacking the walls of the walled garden to protect you.
As I've been stating through the thread, I am taking this stance because I want to be lazy and safe when using my phone. I don't need or want another full-blown computer to take care of, update, and defend. The trick will be getting the right "jailbreak" switch that's easy for technical people to flip, but very difficult for lay-people to get tricked into.
Of course you're right. They couldn't have done full code reviews on every app. But they do review every app to some degree. Combine that with the locked-down nature of the phone, and you get a reasonable amount of security.
The problem Outlook had a few years ago was exactly the opposite. A completely closed system, set up with insecure settings by default. It would run the scripts inside an email when you viewed it, and did not require the user to click on anything. The idea was to make things easier for the user. How's that for ironic? :)