Disabling SIP is not having “your house unlocked”. It is just one of several layers and mechanisms.
If I ignore all other layers (network, permissions, …) it certainly increases the risks. Enabled SIP decreases the risk of other configuration faults.
But I don’t think that just disabling is the equivalent of “open house”.