SIP had numerous exploits over the years, basically. The new volume provides additional isolation and utilizes native mechanisms in APFS to make it transparent to the user space. 'Defense in depth'