Sadly these two things can be true at the same time. As a hacker I love devices which (maybe accidentally) expose a way for me to run arbitrary software on them. At the same time as a person carrying a computer in my pocket containing my entire life I'm not a fan if that allows anyone grabbing said computer to run arbitrary software on it.
The ideal here is the standard approach where a user has to explicitly take some sort of action which can't be found accidentally and done without understanding the implications to activate debug mode. On Android that's tapping a specific item in the about menu way more times than you might think would be necessary. On iOS it's hooking up to a computer, then authorising the connection on the phone. Either way you get both the ability to run arbitrary(ish) software without someone picking up your device when left on a train being able to do so.
