It's only a security nightmare if the threat model assumes hostile user access and a passive main user, which, as it's not multiuser, and most definitely not a consumer OS, doesn't seem too bad to me.