User=0day considered harmful in systemd

Systemd is intended to be consumed by people designing operating systems. So it's expected that they should understand the software they are working with as well as be willing and able to make modifications when necessary It's a upstream project intended to be consumed by experts. If end users get burned by a systemd default it's at least partially the distribution's fault for not taking the time to configure it correctly for the users.

What we have here, at least in some ways, is a balancing act between the need for secure defaults and the need to have service files not only be backward compatible, but compatible between different distributions.

I think the solution to this problem may actually be a sort of 'systemd-lint' program. Something you can run that will check your service files for bogus lines, bad users, and other common pitfalls. There are multiple places that you can find configurations for any single service definition and requiring visual inspection of the code for correctness is really just setting up users and system administrators to fail.