The point is the operating system is centralized enforcement end points. And if [an] attacker put his code on that level, in that case, he can change the behavior of the application. Just think about ...