You can avoid this issue through significant domain experience. Knowledge != smart. I find your assertions regarding assurance and networked computing disturbingly naive. If this 'fix' was simply altruism and a crying need it would be apparent to more of an audience than Google. This seems more like sheeps clothing and misdirection from Google - as usual.
Another product stream and company (and hype) I was never a fan of. Best thing they did was to rip off FreeBSD and the worst was break *nix compliant userspace + influence design UX and UI patterns for a new generation.
Seemed lackluster to me. Adding code in a literally defined data structure failed to complete anything.
with open() as f:
ll = [f.(no help from here on out)]
I do exactly this. Granted I only have 50 chassis to deal with and can emergency boot to rescue via PXE. After 1st generation ILO and the enforced insecurity of vendor KVM options I saw the light.
Or someone can simply own your key holding device as you sip your beverage at the local hotspot or home wifi. Simpler to
go after the secret privileged client than the server.