Considering how many people nowadays install software with `curl ... | bash` and consider that normal, I wouldn't trust those who say "your regular apps can already do anything" as if that's an excuse. It's not. It's often very problematic, just not an easy problem to solve in a general way without also making all your software toy-like. Android tried... yet somehow the Play Store is infamously full of malware, while F-Droid only avoids that because each and every app there is audited by a human being.
As a compromise, the stand-alone lilt interpreter could be given free reign if it doesn't have such already, since in principle you have to know what you're doing to use it at all. And Decker itself could have a flag to disable the sandbox, if it's not too much work.