Comment 17 for bug 1611171

Its not exploitable, its just really bad practice.

A command should not elevate its privileges without being explicitly told to do so.

The discussion from the original change basically boils down to "I don't know what user my config files are owned by, and / or I do not know how to run sudo"