I should point out that this has been the case for script-based solutions in SharePoint for as long as there have been script-based solutions in SharePoint.
I’m not trying to write off the security concerns at all. What I’m trying to encourage is better, more open, collaborative discussions about them between IT and the people who need stuff done. Starting with “No” doesn’t work.
All regulations and statutes must be supportable as requirements by policy or governance. In some cases that means no script (as a by-product of the requirements), but there is no single answer to these discussions. Your basket of clients and my basket of clients have different complexions, as do Julie’s or Thake’s or anyone else’s.