Security Issues with Open Safe Files

Call it a feature or a convenience, I call it dangerous. Safari will automatically open any downloaded file such as a zip file or disk image. Theoretically, it checks if it is a signed file and thus “safe.” ¹⁾ I'm not comfortable with this because it can be used in exploits, usually a social engineered exploit.

Instead of opening automatically, I want the download to be saved and I will determine if I want to open it or not. Thus I turn this feature off in Safari>Preferences>General and uncheck the “Open safe files after downloading.”