From a security engineering perspective, adding a site to a legacy “Trusted Sites” zone is a dangerous anachronism. The original IE model assumed that “trusted” meant “benign.” But in a world of cross-site scripting (XSS) and supply chain attacks, a trusted site can be compromised.
Consider this attack chain: