The problem is that nowadays, people roll their own solution, don’t take the time to learn (somewhat understandably, given the complexity of today’s stuff. You simply cannot learn all details about your hardware, OS, and third-party libraries anymore) but immediately deploy things in production.
Eating your own dog food can be good, but for security related stuff, it can easily be disastrous.
I for one would encourage people to learn how the stuff works, including various low-level internals. But Tart and VirtualBuddy et cetera are again convenience wrappers (settings, pulling packages, friendly UI, and so on), the OS framework (Virtualization.framework) here does the actual work. If someone for personal use constructs a bad UI or chooses to store their settings on a public server then that's on them. And maybe a good learning opportunity, everyone has to start somewhere.
Not to forget, people are letting agents run loose in their home directory on their main box, surely we can do better than that here.