This is a classic conflict that I’ve observed a lot. Similarly, widespread SSL pinning and app sandboxing makes it difficult to reverse engineer opaque outgoing traffic. It might be more secure, but you also cannot easily inspect what data a sandboxed, cert-pinning service is sending to the outside world.

I think it’s probably something like “security, privacy, anonymity... pick two.”