The ultimate goal here - and one of the most lauded points about the network - is that your credentials are never sent over the network. Therefore, there’s no way that an APP that only runs within the context of the launcher can steal credentials. That’s point #1.
Point #2 is that it doesn’t prevent the executable doing whatever the OS allows it to while it’s connected. So screen-grabbing/keylogging is possible.
As an aside here - If the data is to be sent over the SAFE Network, then someone will have to pay for the PUTs. If the launcher disallows a third-party to pay for PUTs (e.x. only the logged-in user can be billed - as it should be) then you’ll know that you’re PUTting a lot of data onto the network because any good wallet software will tell you so.
On the other hand, if it’s transmitted over http/s, that security aspect goes right out the window.
But back to point #1: If the OS that you’re on allows the executable to spawn other processes (like a keylogger/screen grabber/etc) outside of the launcher session (which only handles network authentication, not process execution - that’s the OS’s job) then those can continue to run after the connection to the SAFE Network is closed. However that means that either the data is stored on your local disk or transmitted over the existing internet.
Once a malicious program is running on your local computer it can act just like any other malicious program. The launcher does not “sandbox” apps - that is the user’s prerogative to do so via the OS.
TL;DR - Running executables is the OS’s job and is not dependant on the launcher - that only handles network authentication. Any executable can install/run malicious programs directly on the OS - and should be treated with the same caution as any other current application that is in existance (FOSS plug goes here). A malicious program can own the entire computer, including (but not limited to) your SAFE credentials if it is allowed to by the user.
Zero-knowledge proof and/or 2FA? Nice.