Hehe. Or they could send a 0 to your fan velocity. Or flash/lock (setting the flash bit to 0) your BIOS through ACPI calls. Even stolen your Steam token credential. I saw an example that runs commands as a Systemd volatile user service. There are a few POCs on GitHub about recovery passwords from the browser (sand-boxed environment) for generic environments. I think that everyone here is old enough to understand the consequences of our acts.