I think the point is that this is an entire class of vulnerability that most people may never have thought about, but could very easily result in some nasty remote code execution and/or privilege escalation via setuid.
Yes, that thing that is designed to execute commands could possibly result in commands being executed. Similarly, the intended use of a setuid binary is to escalate your privileges.
I'm asking you why you thought the knife would stop cutting things when it hit your hand instead of the loaf of bread.
I'm asking you why you thought the knife would stop cutting things when it hit your hand instead of the loaf of bread.