The second one is pretty bad, if I would get this notification while having a wallet unlocked in metamask with USDT in it, maybe I'd click automatically on "Approve".

Nothing can be done about it, Metamask (or a web browser) can't whitelist URLs. Users must know what they must know, things like "don't have critical and unnecessary stuff open in a web browser at the same time, browser extensions can read everything in the browser even while not visibly active at the moment, and metamask is a piece of software that doesn't know my email". (And if it knows my IP or my other Eth addresses then this is my own fault.)