Comment by e12e

That is fine, but you give up any pretence of security - your agent can inspect your tool's process, environment variables etc - so can presumably leak API keys and other secrets.

Other comments have claimed that tools are/can be made "just as secure" - they can, but as the saying goes: "Security is not a convenience".