The exact same thing was said when Apple introduced Gatekeeper in mac OS Mountain Lion four years ago. The default when Mountain Lion* shipped was to allow apps from the App Store or signed apps from other sources, and it's still the default today. The blanket option to allow all apps and go unprotected is now hidden, but it can be re-enabled from the command line. And you can still override Gatekeeper for individual apps from at least three different interfaces (attempt to launch the app, then open the App Store prefpane; right-click the app in Finder; use spctl from the command line). As far as I'm concerned, that's all as it should be. It's still possible for a user to selectively bypass Gatekeeper, but it's harder to do so accidentally or globally.
(*: The back-port to Lion allowed all apps by default as a concession to users of old hardware that were left behind when Mountain Lion dropped support for 32-bit EFI.)
That's no guarantee that Microsoft will be as wise as Apple has been. Instead of code signing, Microsoft is encouraging developers to wrap Win32 apps in UWP containers so they can be published from the Windows Store, so probably not as wise. Closed-source OS developers aren't idiots, though. Apple and Microsoft both know that the "default walled garden on desktop" button is wired to the self-destruct system.