[Wowfunhappy]

Can you please expand on this? It wasn't my understanding at all.

A decade ago SIP didn't exist at all. I thought disabling SIP just put us back to how things were in Yosemite. What changed?

[saagarjha]

Apple relied on it being turned on and started introducing permission checks where you'd have things like "do thing as root" and check for some flag being set that is protected by SIP. If you have it turned on, there are no issues, because the check blocks both root and non-root users! But if you turn it off, now the "do thing as root" is available to any account because the flag is editable.