You're right, and that's definitely a concern for a lot of users. The idea is you should be able to set any WireGuard configuration file setting from the server, including PostUp and PostDown, which are just arbitrary commands.
However, we're adding a switch for this pretty soon which will allow disabling the edit-ability of those fields.
It should probably be loudly default-disabled or outright removed, that's a very, very unexpected feature. It's an unprecedented tool for moving laterally and gaining a gigantic amount of access within internal systems. Nobody could possibly build a secure network around a VPN where the controller can bypass all isolation, containerization, and all access controls through a web interface on another machine.
Totally fair. You've convinced us to put that into our next release. While that's a big flaw, it's a simple fix, and it should be in the code base by the end of the week.
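A client-side check for the concern raised in this thread, as an added example that is not part of the thread or of the project's code: it strips the command-running keys from a wg-quick style configuration received from a controller before the file is handed to `wg-quick`, and reports what it removed. The function name `split_hooks` and the sample configuration are constructed for illustration; the check assumes the client applies the config with `wg-quick`, which matches keys case-insensitively and ignores surrounding whitespace.

```python
import re

# wg-quick keys whose values are executed as shell commands.
HOOK_KEYS = {"preup", "postup", "predown", "postdown"}

# Constructed sample of a config as it might arrive from a controller.
SAMPLE_PUSHED_CONFIG = """\
[Interface]
PrivateKey = <constructed-placeholder-key>
Address = 10.0.0.2/32
PostUp = echo constructed-hook-up
  postdown=echo constructed-hook-down

[Peer]
PublicKey = <constructed-placeholder-key>
AllowedIPs = 10.0.0.0/24
Endpoint = vpn.example.invalid:51820
"""


def split_hooks(config_text):
    """Return (sanitized_config, removed).

    removed is a list of (line_no, section, key, command) for every hook
    line that was dropped, so the caller can log or alert on it.
    """
    kept, removed = [], []
    section = None
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        # Drop trailing comments and padding before looking at the key.
        stripped = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", stripped)
        if header:
            section = header.group(1)
        key, sep, value = stripped.partition("=")
        # Compare lowercased so "postdown" and "POSTUP" are caught too.
        if sep and key.strip().lower() in HOOK_KEYS:
            removed.append((line_no, section, key.strip(), value.strip()))
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    clean, dropped = split_hooks(SAMPLE_PUSHED_CONFIG)
    for line_no, section, key, command in dropped:
        print(f"removed {key} in [{section}] at line {line_no}: {command!r}")
    print(clean, end="")
```

A stricter client would refuse the whole configuration when `removed` is non-empty instead of applying the sanitized copy.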