There's such a spectrum between "give it everything" and "give it nothing". Imagine you just want to use it to code and want to make sure any commands it runs doesn't mess up your actual machine.