Sudo is a security boundary, it has to be rock solid and an issue that doesn’t immediately look exploitable is still a big deal. Sudo runs under the control of the attacker, it’s playing with fire!
...which are still only useful under highly contrived conditions which require knowing so much about the target that it wouldn't be a practical concern.