Kim Wuestkamp
Dec 23, 2020


The Pod's ServiceAccount only specifies the identity of processes inside the Pod. By default the ServiceAccount token gets mounted into the Pod, so processes inside can use it to communicate with the K8s API.

Even if a user (like via `kubectl`) doesn't have access to Secrets, they can still create a Pod which can access a Secret. If the user also has permissions to exec into that Pod, even the Secret value could be revealed.

Also a bit more here: https://github.com/kubernetes/kubernetes/issues/76954
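To make the escalation path above visible in an RBAC review, here is an added audit helper (not part of the original post, and not project code) that classifies a set of Role rules by whether a subject can reach Secret values directly (`get`/`list` on `secrets`) or indirectly (`create` on `pods` plus `create` on `pods/exec`, which is the verb `kubectl exec` needs). The rule sets are constructed samples.

```python
"""Audit RBAC rules for the Pod-based route to Secret values described above:
a subject with no Secret permissions can still mount a Secret into a Pod it
creates and read it via exec. Added example; sample rules are constructed."""

from typing import Iterable

Rule = dict  # {"apiGroups": [...], "resources": [...], "verbs": [...]}


def _grants(rules: Iterable[Rule], group: str, resource: str, verb: str) -> bool:
    """True if any rule grants `verb` on `group/resource` ('*' wildcards honoured)."""
    for r in rules:
        if not any(g in (group, "*") for g in r.get("apiGroups", [])):
            continue
        if not any(res in (resource, "*") for res in r.get("resources", [])):
            continue
        if any(v in (verb, "*") for v in r.get("verbs", [])):
            return True
    return False


def direct_secret_read(rules: Iterable[Rule]) -> bool:
    """Subject can read Secrets through the API directly."""
    return _grants(rules, "", "secrets", "get") or _grants(rules, "", "secrets", "list")


def indirect_secret_read(rules: Iterable[Rule]) -> bool:
    """Subject can create a Pod that mounts a Secret and exec into it.
    kubectl exec issues a POST to pods/exec, which RBAC maps to `create`."""
    return _grants(rules, "", "pods", "create") and _grants(rules, "", "pods/exec", "create")


def audit(rules: Iterable[Rule]) -> str:
    """Classify how far a subject bound to `rules` can get at Secret values."""
    rules = list(rules)
    if direct_secret_read(rules):
        return "direct"
    if indirect_secret_read(rules):
        return "indirect-via-pod"
    return "none"


# Constructed: a "developer" Role that deliberately omits Secrets but allows exec.
DEVELOPER_RULES = [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "get", "list"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
]
# Constructed: the same Role with exec removed.
NO_EXEC_RULES = [r for r in DEVELOPER_RULES if r["resources"] != ["pods/exec"]]

if __name__ == "__main__":
    for name, rules in (("developer", DEVELOPER_RULES), ("no-exec", NO_EXEC_RULES)):
        print(f"{name}: Secret values reachable: {audit(rules)}")
```

In a real review, run this over the rules of every Role and ClusterRole bound to the subject, not a single Role, since the two permissions may come from different bindings.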
