Root access in recovery mode terminal

Yes, that is all true. They can also remove your hard drive and get access to all information, regardless of the permissions.

If you wish to prevent single-user or Recovery root access, Enable a Firmware password or use FileVault, or both.

Use a firmware password on your Mac - Apple Support

Make sure you write down and save each password. Recovery of your data is impossible if you lose the FileVault password. An Apple Store can reset the Firmware password, but only physically in the store with your proof of ownership. They cannot recover a lost FileVault password or the encrypted data.

FileVault renders a hard disk's contents totally inaccessible without its password.

Removing a hard disk drive from a portable Mac takes about five minutes. Its contents will remain permanently inaccessible, irretrievable and useless to anyone without its FileVault password.

Full disk encryption has already been incorporated in iOS for years, and is likely to become the default in future macOS releases. iOS device security has been the subject of at least a couple of high profile cases recently.

By reversing the process I just went through, anyone who gains physical access to a Mac can, in a matter of a few minutes, render it inoperable.

Sure. You can smash it with a rock. It takes no experience to do that.

If you should ever lose your Mac, or even if you want to secure it while it's not in your possession, read If your Mac is lost or stolen - Apple Support.

Tmzm wrote:

what can be done to influence Apple to change this?

Ask them: Product Feedback - Apple

Every year I'm surprised that Apple hasn't made a lock-down iOS mode an option in macOS. I know that scamware and adware is out of control right now. True malware is on the rise too. I think quite a lot of people would go for a more secure macOS.

You asked about the ability to render a Mac inoperable: "... anyone who gains physical access to a Mac can, in a matter of a few minutes, render it inoperable". Well, of course. It wouldn't even take that long. Ask anyone who's spilled a cup of coffee on one.

The point is that physical access to a Mac conveys the ability to perpetrate intrusive acts limited only by one's imagination, time, and available funds.

You're asking hypothetical questions for which there are only hypothetical answers.

Given FileVault access, the root user may access the contents of all User Accounts, but (as long as SIP remains enabled) not macOS itself.

No, I don't agree. Creating such a system would be mostly unusable.

iOS is pretty much locked down, but with physical access I can render an iPhone unusable in less than a second.

I certainly don't want my computer locked down to that extreme. It would serve no purpose to lock it down like that from an Availability perspective since anyone can destroy it just as easily.

If your data is more valuable than the physical computer, FileVault and shutting down your computer when you cannot maintain physical control is a must. I can just rip the case open and take the drive will little effort. And, I don't need to tear it apart at your home, office, or whatever. I can do that anywhere at any later moment.

Physical control is the key to all security.

While brute force attacks against a mixed-case, alpha-numeric, symbol password is not feasible right now, quantum computing may soon make that quite feasible.