Hacker News

MadnessASAP, today at 12:59 AM, 0 replies

It's not academic; it's a real, practical reality.

Alice runs many services and has a rather large attack surface. I don't want Alice to persist those secrets, only to have them briefly at startup (think joining tokens). Bob, however, has exactly one job: verify that Alice-1 to Alice-N are in a trusted configuration before granting them access to the cluster.

Very recent events in the Linux kernel prove that it isn't safe to assume "0600 root:root" is sufficient to protect secrets from a misbehaving container.
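The Alice/Bob split described in the comment above, as an added example that is not part of the comment or of any real project: Bob holds an allowlist of trusted configuration measurements and a copy of each node's attestation key, accepts a nonce-bound quote from an Alice node, and only then mints a short-lived join token; Alice uses the token once at startup and never writes it to disk. The HMAC-based "quote", the allowlist contents, the node names and the 60-second TTL are constructed stand-ins for a real TPM or TEE quote and a real cluster policy.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# All values below are constructed for this example; none come from the comment.

# Bob's allowlist: SHA-256 measurements of configurations he considers trusted.
TRUSTED_CONFIG = b"image=alice:v1;privileged=false;secret_persistence=none"
TRUSTED_MEASUREMENTS = {hashlib.sha256(TRUSTED_CONFIG).hexdigest()}

# Hypothetical per-node attestation keys provisioned out of band; a stand-in for
# the TPM/TEE key that would sign a real quote. Bob holds copies to verify with.
NODE_ATTEST_KEYS = {f"alice-{i}": secrets.token_bytes(32) for i in range(1, 4)}

# Bob's key for minting join tokens.
BOB_TOKEN_KEY = secrets.token_bytes(32)

# Nonces Bob has issued and not yet consumed (prevents replaying an old quote).
_OUTSTANDING_NONCES = set()


def measure(config: bytes) -> str:
    """Measurement of a node's configuration: SHA-256 of the config blob."""
    return hashlib.sha256(config).hexdigest()


def bob_challenge() -> str:
    """Bob hands out a fresh nonce so a quote is bound to this one exchange."""
    nonce = secrets.token_hex(16)
    _OUTSTANDING_NONCES.add(nonce)
    return nonce


def _quote_mac(node: str, measurement: str, nonce: str) -> str:
    msg = f"{node}|{measurement}|{nonce}".encode()
    return hmac.new(NODE_ATTEST_KEYS[node], msg, hashlib.sha256).hexdigest()


def alice_quote(node: str, config: bytes, nonce: str) -> dict:
    """Alice reports her measurement, bound to Bob's nonce with her attestation key."""
    m = measure(config)
    return {"node": node, "measurement": m, "nonce": nonce, "mac": _quote_mac(node, m, nonce)}


def bob_issue_join_token(quote: dict, now: Optional[float] = None, ttl: int = 60) -> Optional[str]:
    """Bob's one job: admit a node only if its attested configuration is trusted."""
    now = time.time() if now is None else now
    node, m, nonce = quote["node"], quote["measurement"], quote["nonce"]
    if node not in NODE_ATTEST_KEYS or nonce not in _OUTSTANDING_NONCES:
        return None                                   # unknown node or replayed/unknown nonce
    _OUTSTANDING_NONCES.discard(nonce)                # each nonce is single use
    if not hmac.compare_digest(_quote_mac(node, m, nonce), quote["mac"]):
        return None                                   # quote was forged or tampered with
    if m not in TRUSTED_MEASUREMENTS:
        return None                                   # genuine quote, untrusted configuration
    body = json.dumps({"node": node, "exp": int(now) + ttl}, separators=(",", ":"))
    sig = hmac.new(BOB_TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_join_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Cluster side: accept a token only if Bob signed it and it has not expired."""
    now = time.time() if now is None else now
    body, _, sig = token.rpartition(".")
    expected = hmac.new(BOB_TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    if claims["exp"] < now:
        return None
    return claims["node"]


def alice_startup(node: str, config: bytes, now: Optional[float] = None) -> bool:
    """Alice obtains a join token at startup, uses it once, and never persists it."""
    nonce = bob_challenge()
    token = bob_issue_join_token(alice_quote(node, config, nonce), now=now)
    if token is None:
        return False
    joined = verify_join_token(token, now=now) == node
    del token   # held in memory only for the join; nothing is written to disk
    return joined
```

The point of the split is that a compromised Alice can at most present her own (untrusted) measurement; she cannot mint tokens, because the token key lives only with Bob, and a token she did obtain is useless to an attacker who reads her filesystem later, since it was never stored and expires within the TTL.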