I'm pretty sure they already do that. As always, the standard network security advice is "don't trust the client", and yeah, it'd be nice to be able to trust the client, but it would also mean the total abandonment of any meaningful user control over their own devices, so it's not worth it IMO.