Yes thats a good point. I agree not a solution for all.
A this is being done mainly for deploying diagnostic settings across all resources and showing compliance primarily, we are not concerned with malicious intents ( at the moment)
But i hadn't thought about and great to see that pointed out.
Thank you very much!