That's absolutely not true. For instance, the BSDs have the notion of securelevels (https://man.openbsd.org/securelevel.7) which severely limits what even the root user can do. SELinux can do a lot of the same things.
Ah I'm more familiar with Linux so that's my bad, it was still a shocking and annoying observation I had. It doesn't fully bother me cause I never even need full on root on a Mac but this one time I did and having to tell my wife (girlfriend at the time) how to do all of that over the phone was just suspect, just so she could root a tablet that had a kill switch (Nvidia Shield Tablet).
I don't know about bsd, but there's lots of documentation on how selinux works (including source code) and information on how to alter its behavior in a fine-grained fashion. and selinux doesn't leave itself a backdoor (as far as the nsa has told us)
That's a different issue, though. Today, booting into macOS is similar to booting into a BSD with securelevel=1 enabled, or into Linux with SELinux set up not to allow modifying files in /bin or such.
