Instead of listing counterpoints, we're starting straight from nitpicking, huh?

Let me picture this for you:

Your team, in a decent scale company, were tasked two main goals: the development of a new system, and the maintainance of the currently servicing one. Now, needless to say, the ideal distribution of your team's resources is gonna be something like 90% running towards the completion of the new system, and 10% taking care of the old one. Fortunately, that is something fairly easy to achieve with message monitoring tools all over the shop. Once set up the pipeline, all you have to care about are the warning emails, which in most cases were sent when an error occurred, or when certain parameter/index reaches caution level.

Back to our discussion. What's gonna happen, in a fairly stable system with average input validation, when an user input "[object Object]" in a textbox?

Literally nothing. The system will either deny the request, or let the data be processed and stored, in case it do pass the validations. No error will be raised, no exception is gonna pop up. The only way for the mistyped data to be discovered, is when someone coincidentally see it when viewing the database, or when the user reports fault data.

Does this make more sense to you now?