I mean DOS is essentially just the frame work between the software and the BIOS/hardware. Once code is running the OS isn't doing too much.
In that sense DOS programs run without any guard rails. Video memory is just a memory address where you can throw data in and it shows up on screen, but it also means that any kind of memory pointer issue can write over almost anything in RAM. It was trial and error to ensure everything worked and seeing as machines were not always online, there was a much smaller risk of security issues being leveraged.
Risk was minimized with the use of segmented memory. A bad pointer would generally only clobber something in the same (data) segment of memory. But there were no segfaults; a program crash means a reboot, which is why so many people optimized config.sys abs autoexec.bat for fast boot.
Come to think of it, maybe things aren't so different today -- if something goes wrong in your container/vm, many teams just wipe it and start from a clean snapshot
In that sense DOS programs run without any guard rails. Video memory is just a memory address where you can throw data in and it shows up on screen, but it also means that any kind of memory pointer issue can write over almost anything in RAM. It was trial and error to ensure everything worked and seeing as machines were not always online, there was a much smaller risk of security issues being leveraged.