The users tend to be less tech savvy than Linux users so they tend to not have adblockers and or allow arbitrary JavaScript from any page to run and or they are running trojanized software because the uploader was “trusted”.
Due to market share they are the biggest target.
Untrusted devices should be on an isolated subnet or if you have the time only devices that need to talk to each other should be on the same subnet.
In an ecosystem where the solution to every problem is “Download this piece of software someone wrote because the standard Windows utilities are worse than useless and don’t provide this basic functionality”, you can’t really blame the users for running every script they encounter uncritically.