That's a terrible distinction to make on a topic about how the coding agent gained root inadvertently.

Unix has always had incredibly weak protections between users. You shouldn't rely on it as a security boundary. Think of it as a "keep honest users honest" protection. And llms are not honest.