I think you misunderstand the concern, suppose a user enters gov.mil as a domain to test with which they are unaffiliated.
The tools test it and with disastrous affect all governmental and military services go offline.
It would be reasonable to then take legal action against the platform rather than the user, as the user did not confirm they had permission to perform testing or that they understood the risks involved.