Typically this view is proposed because a malicious attacker can actually make your program do all sorts of stuff you probably did not expect, including adding "functionality" that you did not include in your program.