Perhaps a bit off-topic, but relevant to the OP...
In Linux everything I need comes from one or more trusted software repositories, and all of the updates are performed through the same tool in the same way, so I do not need to familiarize myself with the different update systems for different pieces of software.
In iOS everything is downloaded and installed through the app store, updates are similarly pushed through a single (presumably trusted) source. Same with Android and the various marketplaces and presumably with Windows-based smartphones. (Symbian and RIM aren't really in the game anymore, and it is likely related to this.)
So that leaves Mac OS X and Windows as really the only predominant platforms where you grab stuff from every which where and install it. And IIRC, even Mac OS X tries to consolidate the updates into a central tool (I remember Java and Adobe updates coming through the Mac OS X update tool).
I expect that this model will prevail and within 5 years the majority of software for any system (Windows included) will start coming through central repos (or "App Stores"). Linux has been there for over a decade, but hasn't got their act together with respect to branding, ease-of-use, and revenue sharing (Ubuntu is bridging that gap). So if we can get to a point where software is signed, or at least has a verifiable hash, and it all comes from the same trusted place, then a lot of these issues will be moot.
On Android you can download from third-party sources, including app stores which operate separately from the Android Market. Additionally, those applications have free reign to update themselves. The Amazon App Store must be downloaded outside of the Android Market (due to it being a competing service), and updates itself independently.
Sure people are free to take whatever risks they want with their own lives. Regulations are there to stop people taking risks with other people's lives, who don't wish to accept that level of risk.
They're also there to keep desperate and/or ignorant people from being taken advantage of.
If you want to be as safe as apple's walled garden, stay within the official marketplaces and you get that.
The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time).
Android already does this. When installing an app, it displays all the permissions an app can use, and you get to accept or reject the app at that point. After accepting and then installing the application you no longer get prompted. Network Access is one of the permissions that must be requested by the app.
Read the article. There is a randomly-generated application-specific 16 digit password that is used for things like IMAP and POP3. If someone gets access to that (unlikely, since you would never need to write it down, and Google encrypts IMAP and POP3), they can only access that specific service, and its not going to be the same password you use anywhere else.
To add to the parent's statement, the application-specific passwords you generate aren't temporary. Instead, they continue to work in perpetuity until you decide to revoke them from your Google account page.
He who steps on others to reach the top has good balance.