What are the security implications of enabling custom scripts?

Hi,
I am trying to understand the security implications of enabling custom scripts in a SharePoint Online site collection. This is also covered in the Microsoft document

https://docs.microsoft.com/en-us/sharepoint/security-considerations-of-allowing-custom-script

What are the implications?
e.g. upload an aspx page that uses JavaScript to access API's present on the platform (e.g. Graph API).

Are custom scripts intentionally disabled in your tenants?

thanks,

Paul