Architecturally, I think Terraform really ought to be hosted, because otherwise you have to trust everyone with a far-reaching admin cred on his desktop right next to Zoom and maybe BonziBuddy.
That's tricky since the state file frequently contains secrets. You can try to keep secrets out of the state file but that's largely provider/resource dependent. For instance, if you create an AWS RDS Postgres database, the state ends up containing the resource password. If you allow only plans, users can still access the password in the state file.
For RDS you can change the password after creating the DB, or use the SecretsManager integration.
There are similar workarounds for other providers and resources. I use TF without storing secrets in the state file (providers: AWS, kubernetes, helm, onepassword, datadog, auth0, and more).
You can exfiltrate secrets that aren't in the state, but are in accessible resources during a plan using an http data source with the secret encoded into the url
stuff like Atlantis exists. it doesn’t eliminate the need for someone/something to have wide permissions, but you definitely can narrow who/what has that access day to day.
Same issue. Terraform doesn't separate invoker permissions from runtime permissions. It runs with whatever privileges the invoker provides and since it's doing arbitrary privileged things it generally runs with arbitrary privileges.
The only real fix is to run it in a client-server model like a web app where the user has limited permissions and the server gates access to the privileged backend permissions.
Put another way, if I want to create an S3 bucket on AWS, I need S3 CreateBucket privileges, not "run Terraform" privileges.
My $DAYJOB's architecture is completely self-hosted (Proxmox, Nomad, etc). I would not prefer to have some external tool managing that infrastructure.