@Canageek
security and MIDI dont have to be related.
MIDI is a super simple and trivial protocol, just some bytes to designate status and channel, plus some values to go along with a message. midi messages dont typically take more than 3 7-bit values.

exception is sysex, which allows to talk directly to hardware yes.
but sysex is an optional flag on the webmidi API request.

the cardinal web app thing does not request sysex permissions but that popup still appears.