This seems to be changing as of recently this year. There have been many security-related changes including making options such as Node integration disabled by default [1]. Support for renderer process sandbox is also available [2].

[1] https://github.com/electron/electron/pull/14284

[2] https://electronjs.org/docs/api/sandbox-option