This has been discussed before.
IIRC the team said that there has to be some kind of exploit for a full filesystem extraction, yes, but in this case it is only possible with the user's consent (give away your password).
"full file system consent-based extractions"