At the core of it, serverless means that those building applications no longer have to care about how their applications do what they do, they just have to tell the applications what to do. That’s revolutionary. And it opens up really complex application development to people who never could have done this before.
One great example of the power of serverless is Bulk Data Computational Analysis (BDCA). I can take a windows admin who can barely write batch files – they don't even have to know how to use PowerShell – and inside of a day, I could have them writing voice recognition apps. Our hypothetical novice developer can slap a fully functional voice recognition app using little more than code snippets from Stack Exchange and some public sample code from Amazon.
And that is the problem right there. A good coder will be able to recognize a problem (eg exploit or an embedded rm -rf / *) code within the copypasta - but the above windows admin will not know how to spot an exploit or the such, and will compile a big problem...
Keep in mind, ne'er-do-wells will think outside the box - and they will try to obfuscate their ne-er-do-well piece of sh*te code in such a way that it will looks as if it does X but actually does an rm -rf all over the place.