MCP can't go mainstream, because when dangerous things happen, the user is blamed by the community.

For example, see the Hacker News comments on "Code execution through email: how I used Claude to hack itself"

To go mainstream a solution has to be idiot proof.

The vulnerability has to be something that everyone on a jury of users would agree was the idiot's fault, not the systems.

Anything that requires tech savviness is not idiot proof for a general population.

Tech knowledge is expert knowledge.

A "jury" of people from the general population would blame MCP; a "jury" of people from the developer community would blame the user.

That disjointness implies MCP as it exists has a low distribution ceiling.