Exchange online SPF

I may be missing something basic here but can someone explain if I used the recommended spf include statement (v=spf1 include:spf.protection.outlook.com -all( (see here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing) for all exchange online deployment because its not specific to my domain rather generic to outlook.com wouldn't that mean that any other exchange online customer could spoof my domain?  If they are also coming from that host being a exchange online user just like me

Does that make sense?