Its a safety feature not a security feature.
The execution policy isn’t a security system that restricts user actions. For example, users can easily bypass a policy by typing the script contents at the command line when they cannot run a script. Instead, the execution policy helps users to set basic rules and prevents them from violating them unintentionally.
Like the popup you get when you paste a command with new lines in it. It doesnt stop you from pasting a command that would run immediately, but it warns you that what you paste will immediately run.
More of a here-be-dragons