The idea of a vulnerability in any app I run having access to all my things is quite scary. Status quo is that they at least have to reach the file storing browser cookies before they "become me"; the way Tailscale is talking about their system sounds like fewer barriers.