It's much worse than that—in many cases, such as passing a filename to a program on the Linux command line, correct behavior requires
not validating, so erroring out when validation fails introduces bugs. I've explained this in more detail in >>44991638.