Really good internal security practices by the people who make the OS :) I don't think an attacker would be able to pull off disabling features like secure domains, secure enclave, etc. in macOS without anyone noticing seeing as it takes months of approvals, testing, etc. for a single build to even hit the beta channel.