Tuesday, April 25, 2017

Yet another rant about misplaced blame, this time problems with the Internet of (insecure) Things

People want to be able to put code in a box and have that code function without unwanted side effects.

The consistent cognitive bias in the programming community is toward blaming certain groups or practices, then piling on.

This approach consistently ignores the root cause, the lack of a widely used, secure operating system for anything smaller than an IBM mainframe.

If your OS can't be counted on to limit the side effects of a program to those chosen at runtime, you can't trust it.

Windows doesn't do this, nor does any other common operating system on PCs or embedded systems.

The reason mainframe systems are secure is that you specify everything that goes into running a program prior to its execution, and it can never exceed those capabilities.

We need to make things like GNU Hurd or Genode a viable choice for programmers and hackers, then for the average home user. If this is done, then we can finally fix things once and for all.

Until then, IT is going to be a sump pump repair business, and IT Security is the roto-rooter man.
