My question was rhetorical and intended to point out that granting an exception for 'good' software to do a bad thing is just allowing bad actor to do the bad thing.

Then, when the exception has to be revoked, the backlash is massive. Look up the recent example of the driver FanControl used to issue SMBus commands being blacklisted.

I was pointing out that keystroke injection is already the norm. The exception is banning it for some software.

It has been the norm since we first started automating processes designed more for people than automation. It will remain the norm for as long as that exists.