If you’re using a web app, your data lives on someone else’s server. Not on a computer you can physically control or even—perish the thought—disconnect from the internet.
Oh cool, the app that handles all my private financial and/or health records runs on the internet and keeps my information in a datacenter in northern Virginia, but at least it can’t get access to the data on my local drive, which by the way there isn’t any because all of that data is in another web app and stored in quite possibly the exact same datacenter!
But there is no need for the app to do that really, there are APIs like localstorage and IndexedDB in place to allow you to do all this clientside. Browsers have come a long way from just html renderers.
There's no need for web apps to store all of your data in the cloud, but almost all of them in the real world do it anyway. Users have been conditioned to expect that if they log into the same web app from two different devices that their data will still be there, and this can be a huge convenience, but it's also less private and less secure than what we had with desktop apps.
Oh cool, the app that handles all my private financial and/or health records runs on the internet and keeps my information in a datacenter in northern Virginia, but at least it can’t get access to the data on my local drive, which by the way there isn’t any because all of that data is in another web app and stored in quite possibly the exact same datacenter!