Well yes, grown-over-time permission systems are also at fault when it comes to the lack of security in third party extensions/apps. IMO unix is still the standard in terms of simplicity and power of permissions - if the system architect separates concerns correctly into different base entities ('files'), the permission system just falls into place. You know what other system did this pretty much perfectly? Lotus Notes. Yes, I'm serious - it's a document based DBMS with per-document permissions where everything is a document, including the application design, contacts, logs, calendar entries. Too bad its UI is still stuck in the early 90ies.