You're still ignoring the crux of the difference in _risk_. Say the risk of `rm -rf /` for any given model is 1%. That is, the probabilty, that it'll just absolutely saveagly destroy the system you're working on. We know it's lower than that, because millions of tokens per day are generated and we only get a few of these "production database was wiped" news items.

There difference is still: If that risk-reward is to be recieved, you can't tell me you'd rather have it run locally than on some system you're managing. Because POV, you're the one responsible and if a coding tool _takes out your system_, you no longer have any means to fix the problem.

So, maybe the risk-reward is _technically_ equal, but only if the operator of the coding tool continues to operate regardless of what commands it's issuing. That's not the case if you're just saying "hey guy, use ssh for all your commands"