bumping this as, like @faddat, I think the current state of things are contradictory.
osmosis is a permissionless chain, only for addresses that have been given permission.
the best integration these approved devs can bet on is getting an hyperlink somewhere on the main interface, leading them to another website. Meaning : users need the same due dilligence as when they use a permissionless chain. If anything, they are probably less careful than ethereum or solana users.
I believe permissioned uploads and governance gate-keeping prevents growth while protecting from no significant danger. If a malicious actor really wants to deploy on osmosis, they’ll find a way.