The tool bar is modeled as a separate computer that talks to the laptop not over USB, but over a network interface.
That actually opens up a huge can of worms, as networking has a host of security issues. One example is with a VPN connection. For obvious security reasons, when a lot of VPNs are active, they force all networking to flow through them. That is problematic, because the remote side has no way to route the toolbar traffic back to it.
So, VPN software is now busily building out exceptions to their routing rules. Don't worry, I'm sure this won't lead to bugs or future security holes...
The touchbar is similar to an iOS device, so it is a separate computing device that has a small attack surface, so it is difficult to hack.
It, for instance, controls the camera, so without hacking the touchbar it is impossible to use the camera without the light turning on.
It also controls the fingerprint reader in a way that makes it hard to get the secrets that are protected by the fingerprint without actually providing the fingerprint.