Actually "Cocoa-AppScripts Applet" from "unknown source" is a huge problem.

If you go into your application library, most of you have a "Cocoa-AppleScripts Applet" from unknown source file, that's malware eating your passwords, image files, javascript, and canvas. I don't understand why apple hasn't removed it, but it makes your entire internet experience unsafe and exploitable. Apple allows any "local" script to be executed assuming it's a choice. The problem is they are giving way, way, way to much away at a "local" level for a click of a button, and way, way, way to much control to enterprise. The end result is if you click connect to a business wifi it can take over your entire system and user experience.