If you manage to infect your systemd unit list which requires root privilege and give it a permission to run on boot I don’t think it’s an attack vector anymore its one’s stupidity. Systemd is the furthest thing from an outside attack. Someone might poison your bashrc and its more possible than someone inserting a malicious unit file and asking you to run.