You have to be very very careful with this stuff. These SaaS companies have tons of paying customers giving them thousands of dollars a month. If customers mess up with an officially supported MCP and delete their assets or break implementations or DDOS their own site it’d be nightmare for sales / support.

It makes sense they very slowly transitioned from read-only to limited write. You have to carefully beta test. Both figuring out the guardrails and finding usecases where it actually works well. The only way to do that (properly) is a slow drip release cycle.