Everyone doing it doesn't make it a good idea. The big tech companies and governments are I think a little more paranoid about rouge admins, so they do at least try to limit the blast radius of any given credential, but almost no-one else has that level of maturity, which creates this pretty big chasm in the resiliance of IT organisations as you go from small to large.

(There's also a certain irony about IT complaining that a change to improve security would mean they can't do their job as easily)

I don't think it's preemptive vs cooperative that matters. What Rust's abstraction allows is for a function to act like a mini-executor itself, polling multiple other futures itself instead of delegating it to the runtime. That allows them to contain subtle issues like stopping polling a future without cancelling it, which is, yeah, dangerous if one of those futures can block other futures from running (another way you could come at this is to say that maybe holding locks across async points should be avoided).

I think this is the trend, and it's probably a good one for most involved, except probably advertisers.

They're going to want to know about panels being installed, and regardless of whether the regulation says they can be installed, they will be, so the regulation will tend towards allowing installation but at least encouraging reporting it (while regulation that forbids installation will mainly just discourage reporting).

That does seem like an orthogonal question to me. That we are wealthier and better off now doesn't really say much about the raw capabilities of the people now vs then, when it's obvious that technology has a truly gigantic role in the wealth of modern times (and compounds onto itself: many technologies making developing new technology easier).