Since macOS 10.15 Apple checks every app on launch against a list of blocked apps, and to be even more cautious you can disable running apps that do not originate from the App Store with the option of also any registered (and not blacklisted) developer.
If an app doesn’t require any privileged access to particular folders or peripherals, then you can just run the app from wherever (unless an enterprise-managed Mac has restrictions on app launch locations). You only need to be an admin to copy an app into the /Applications/ folder. Oh, opening with a password should be no problem on macOS, it’s just annoying to encrypt unless you learn the terminal command or use a third party app.