Not sure though, if yellow.php is like WordPress or its
…ecosystem of badness. With other web apps - like Wordpress for example - you can also have themes which can be made independently. But if themes can include arbitrary CSS and Javascript then this means it’s possible to create themes which exfiltrate data or attack users, and a black market then develops around such themes, which is comparable to the market for zero day exploits and other “cyberweapons”. In the presence of such threats, projects then usually create an official store or approved site for downloading themes, and once again you start to get gatekeeping and centralization. Points of control.
(https://blog.freedombone.net/tackling-the-ecosystem-of-badness)