Securing the Git push pipeline: Responding to a critical remote code execution

14 points
a day ago
by samtrack2019

Comments


[deleted]
15 hours ago

time4tea

I mean, sure.

But what about allowing user inputs in trusted fields,

Or allowing switching environments per request, on inputs from users

Or allowing requests in a user context to access storage from another

Or storing everything in plaintext on a node that everything can access

Or not validating user inputs

Or...

It's not a success story.

a day ago

philipwhiuk

Nothing on auditing other fields? Nothing on how it escaped test coverage? No fuzzing?

a day ago