it is objectively an improvement, but for most users it doesn’t matter that much

we should probably also focus on other attack vectors: decryption permission is all-or-nothing, the user can be fatigued into granting unprompted sign permissions to an app, etc.