You could argue that we have security licenses (eg SOC 2), however I don't think it actually succeeds in making software safe. I think software is hard because unlike a bridge, which is built with limited scope and the risk is known when it's designed, software grows to become load bearing without us really realizing it. Eg CrowdStrike, I never would have assumed that an outage could affect so much of the world.
Dev tools in the browser are a direct editor, sure you can't drag things around with the mouse, but you can edit values live and see them change. Big difference from recompiling to see changes.
Except you can't prevent people stealing the videos then. And as much as I don't like how things work right now, I think people have a right to get paid for stuff they make and Netflix is one way of doing that.
All the videos are _already_ available anyway, several minutes after they're available on Netflix. And on Youtube they are _literally_ free, with ads. People sign up for Netflix subscriptions to not bother with torrents and pirate forums, and for Youtube Premium to avoid ads.
That's why it makes no freaking sense to _not_ make your content available for paid subscribers using APIs.
I like the idea of requiring extra work to get notification access. But really what all these scams pray on are time sensitivity, take that away and you solve the problem in many ways. For example, your bank shouldn't let you drain your account without either being in person or having a mandatory 24hr waiting period. Same could be done with side loaded apps getting notifications, if it's side loaded and wants to read notifications, then it needs to wait 24 hrs. Mostly it won't ever matter.
Alternatively reading notifications could be opt in per app, so the reading app needs to have permission to read your SMS message app notifications, or your bank notifications, that would not be as full proof as that requires some tech literacy to understand.
At this point that API has been around for decades and is probably impossible to deprecate without breaking fairly large amounts of the web. The only option is to introduce a new and better API, and maybe eventually have the browser throw out console warnings if a page still uses the old innerHTML API. I doubt any browser vendor will be gung ho enough to actually remove it for a very long time.
reply