Ironic in a post about a CVE, as systemd offers more security options for starting services than anything else.