Comment 4 for bug 357235

Luke, I don't think so. If I grant an application access to private data, I can still later revoke all of its access with a couple of click. If that privilege level also allows the application to empower additional authentication tokens (SSH keys, OpenPGP keys, OAuth tokens, for example), I can no longer do that. A malicious application becomes much harder to stop.