I think it's reasonably within scope of the threat models considered by operating system creators.
I still don't understand the threat. Is it that a user who is not "worthy" of more permissive security may nonetheless be capable of enabling more permissive security?
I can put that more charitably by thinking about it in terms of informed consent, ie does the user understand the risks involved. But if you're concerned that someone following a video tutorial or seeking out a friend has not consented, then I think your standard for what constitutes consent is ludicrously high!
And if it turns out that lots of people are consenting to something, that isn't a failure of design. You asked your users a question, and they gave you an answer.
The threat is that users who are not sufficiently tech savvy will shoot themselves in the foot, including using methods they don't understand. This is a pattern we've seen play out numerous times. The more secure platforms are overwhelmingly the ones that protect the users from themselves, and (most) users value security over absolute computing freedom.
loading story #48376501