Wallet security question

Many times, when people lose funds in a crypto wallet, it's because they've approved a malicious contract which gives a third party full access to their crypto. Ive had a few close calls myself.

So my question is: why dont for example metamask add a warning text when such access is granted?

Is it because the code giving this access can look vastly different, making it difficult to identify? Or that the part of the code responsible is often used for legit reasons? Or is it just not prioritized security question?