@TheBaldness
When you bundle everything for an app inside a self-contained directory, it's no different than static linking a binary.
An exploit in a library the package links against means that application is still vulnerable even if the same library on the operating system has been updated to fix the security flaw.
@TheBaldness
For apps that Apple controls that may be fine, but most people do not get their apps from a single vendor and not all vendors are fast at pushing updates.