Another solution that could alleviate @cretz’s worries fairly quickly is to integrate the already-existing nativefier tool with the SAFE launcher. The primary modification it would need it to block anything that’s not a safenet link. After downloading the initial electron package for my OS (this can be bundled with the SAFE launcher), it only took 5-6 seconds to turn a web app into a sandboxed Electron application. We could have a URL address bar in the launcher that would automatically create the binary (would only be done once), and then launch it.
One could create a standalone application separate from the launcher that makes it easier for people to launch these webapps, but it makes sense that the launcher should be in charge of launching these webapps, so it’d be a good fit.
One downside to this approach is the size of storing the binaries for every webapp. But you’d have this issue with any natively-built applications anyway (with Electron, at least.)