I think that the author of this blog post doesn't understand what a development environment is! Which isn't a surprise to me considering that fly.io is such a crap service, I'm not shocked they have employees that don't understand development practices.
Remote development environments with this sort of setup are sometimes needed for applications that can't effectively run on your local workstation, or where the server environment is very different than the workstation, or where you want to ensure better consistency than a local workstation can offer.
The operating system controls the security boundaries fully. Your ops team or person who built the remote OS can limit the permissions of your remote connection's user however they'd like. It's like the author of this article forgot how Linux works: you can restrict users from running certain commands or accessing unauthorized directories with trivial ease.
And when it comes to security risks, this is supposed to be a development environment. It's not meant to be used in a produciton system accessed outside the boundaries of your organization.
Remote development environments with this sort of setup are sometimes needed for applications that can't effectively run on your local workstation, or where the server environment is very different than the workstation, or where you want to ensure better consistency than a local workstation can offer.
The operating system controls the security boundaries fully. Your ops team or person who built the remote OS can limit the permissions of your remote connection's user however they'd like. It's like the author of this article forgot how Linux works: you can restrict users from running certain commands or accessing unauthorized directories with trivial ease.
And when it comes to security risks, this is supposed to be a development environment. It's not meant to be used in a produciton system accessed outside the boundaries of your organization.