What you can do on the same network
Is just the usual sorts of hacker stuff like p0wning systems, stealing data, encrypting it for ransomware, wiping all the data so the business comes to a halt.
What you can do with a PLC potentially goes way above that, as you can control physical objects/processes. Like when Israel destroyed many millions of dollars' worth of Iran's centrifuges. To the extent it was possible to change the ratio of chemical inputs in an industrial process, or purge toxic stuff into the air/water, and so forth, you could do much worse with access to a PLC than you could if you had full control of everything else on the network.
So yes, you must rely on the PLC for security unless it is on an air-gapped network segment (and even then you shouldn't trust air-gapped networks to remain air-gapped; just because it is air-gapped when you configure the PLC's security doesn't mean that won't possibly change years later due to orders from above or mistake/mischief). Plus, an air-gapped network or even an air-gapped PC controlling the PLC doesn't rule out social engineering, getting someone to do something they shouldn't, like plug in a random USB stick.