No, if for example you add a web domain to admin user, and for some reason you upload a php file like this:
<?php exec('sudo /usr/local/hestia/bin/v-change-user-password admin "newpassword"
And anyone visiting that php file in your site, will change your admin password.
Take a look here to get more info.