VS Code runs web files in a browser rather than executing it directly, which essentially guarantees prevention of suspicious activity, but in local files, it doesn't have direct access to that recourse and needs to be more secure.

As the VS Code documentation puts it, "...Both the welcome view and the notification contain the Manage Unsafe Repositories command [under the Workspace section] that lets you review the list of potentially unsafe repositories, mark them as safe, and open them. The Manage Unsafe Repositories command is also available in the Command Palette (⇧⌘P (Windows, Linux Ctrl+Shift+P))." There should be a popup that asks you if you would like to trust this folder or trust the parent folder.