The shift happens when developers realize they don't need permission to build on Bitcoin/Nostr the same way they needed permission to build on AWS or OpenAI APIs. Every API key requirement is a compliance checkpoint. Permissionless rails remove that friction entirely — which is why regulatory capture always targets the on-ramps, not the base layer.