[ndriscoll]

By default steam puts everything in ~/.local/share so I don't see why it would need root.

These drivers generally try to prevent you from using virtualization for the same reason they want root. The point is that fundamentally they want to live one level above wherever the user is, which means they compromise user ability to secure against them. The game industry isn't exactly known for slow, careful development, so they're kind of the worst group to give root.

Even without a VM, multi-user security does work, and Linux has other tools to isolate programs. Steam already runs in a sandbox[0] on NixOS to give it a normal FHS layout and work at all, so it wouldn't be unreasonable to add more isolation.

[0] apparently using https://github.com/containers/bubblewrap which can also do things like PID and network isolation.