This is a shockingly common sentiment in open-source maintainers, that all software on a machine should be trusted.
Just to name two recent (and thus inexcusable) examples on top of my head:
Systemd refused to fix a privilege escalation through their use of "less" for years because they argued any user getting to that point should be trusted. The real world doesn't work that way unfortunately. They relented when someone took the initiative to fill a CVE.
Caddy's admin interface is system-wide opened, any local user can inject configuration and take over everything. Doesn't have to be a local user; think of any service you run that can makes web requests on behalf of people (custom api endpoints, avatar fetching, etc), it can be used to take over Caddy.