Our docs reports:

The approval of the module integrity in the policies threat model implies they are allowed to muck with and even circumvent security features once loaded, so environmental/runtime hardening is expected.

Therefore, once a module is loaded, they have the keys to the castle.

After reviewing a few security reports about this feature, I don't think it provides much additional protection against our threat model: https://github.com/nodejs/node/blob/main/SECURITY.md#the-nodejs-threat-model.

Note that this was developed before we had a threat model.