Right. It’s a weak argument “as few features as possible”, “use as few code paths as possible”. Currently we state:
Shared folders are also discouraged because it weakens isolation between the guest and the host. Providing a mechanism to access files of the host system from within the guest system via a specially defined path necessarily enlarges the attack surface and provides a potential pathway for malicious actors to compromise the host.
But the same could be said about any virtualizer. Perhaps to a less degree because the virtualizer itself is considered more secure but then I wouldn’t know why it would still be a good idea to pick on that feature specifically. If you could clarify that in the wiki, that would be good.