Everything is allowed to do that. You're right that it's not good security-wise which is why Apple blocked that sort of thing years ago. On Windows unfortunately the whole Win32 ecosystem is very dependent on programs injecting things into other processes, the API makes it quite easy and there's lots of sample code for it. It's a major source of stability and crash bugs there.
For example, antivirus products do this all the time, as do many video drivers and other system utilities.
Also, Explorer has various plugin interfaces where it'll load third party code and run it in-process since the very first version.
For example, antivirus products do this all the time, as do many video drivers and other system utilities.
Also, Explorer has various plugin interfaces where it'll load third party code and run it in-process since the very first version.