A wide misconception. Chroots are easily implemented and add security
almost for free (often /dev/log is all that is needed) and so can be
used by default without any potential problems, they also never bring
new risks and always make life difficult for an attacker to raise
priviledges or get what they are actually after when done correctly.
Even at a simple level it should be obvious that they can just nullify
the payload so the attacker simply goes elsewhere. Does
Bwahahahahahahahahahahahahahahahahahaha!