At MS typically the left hand does not know about the right. So, this is a bad example. Anyway, one should be responsible. Law is like a telegraph pole. You can not jump over, but walk around. (Russian proverb) The question is, should you. Because this is a problem of moral of the developer.

You can run code from everywhere - but you should not. A responsible educated person should manage a PC. That's why there are rules. That's why there should be the step to sudo or elevate or logon as admin. To answer the question: Do I really do the right thing
Windows owns this odd DOS behaviour and a lot of 32bit applications are still unable to run as user. They trick and cheat instead of doing homework and follow common behaviour.
Crap like Zoom is not interested in users security. They give a dam on it. Only growth and money is important. That's why they circumvent the rules. Make it so easy for the user simply mean do it wrong.

You can dismount the brakes from your car and drive it. It will work. Used sensitive, you will not crash into the first wall. Nothing on the car prevents you from doing it. There is only better knowledge against it.

The whole idea should have grown since Win95 started to place code under programs folder, since the idea came up to log on to a Windows machine. To not be admin on day to day work. The path was laid out clearly. Manifests and all those ways to bypass the difficult way is a business decision of MS to keep old style stuff alive the cheap way - just to keep MS Windows on it's market position.
A common user might be unaware of all of this, a developer should be aware.

This was all nice and ok when there was no internet. Those days are over. I would not risk customers machine, data, and company because of easy installation and update procedures. One thing is clear - they will like it easy the first - and start a lawsuit if it goes wrong. They can live with the hard way - other programs require it to, it works like a charm.

I will not go deeper into this.
>And why installation of programs under LocalAppData would be a bad habit, when it's supported and endorsed by the OS vendor?
>
>>There is no software. There are only different states of hardware. I know.
>>
>>;)
>>EVAL() is just like SQL-Injection. If you use it, you must parse it before. VFP is a security problem at large. The best is stuff not included into the exe. User defined reports, for example. One can do a lot of fun with this. But this does not mean to provoke it by bad habits.
>>
>>
>>>As it is still 2min Friday: vfp app and esp. screens ARE data!
>>>And a lot of bad stuff can happen to dynamic systems (about everything using a form of eval() from data dirs...