Comment by skybrian

Comment by skybrian 2 days ago


It depends on the system. Some servers just don't do very much. If a server validates the input and then just sends it on without doing any calculations, there's very little to go wrong that static analysis can warn you about.

And then the next server in line has to validate the data again.

alpinisme 2 days ago

Most languages have a way to represent a blob of bytes that you don’t care about the internal shape or meaning of. The point of parsing is to validate the stuff that you want to use. To use the Zod example from up-thread, you can use z.unknown() or use z.looseObject() if you care about some keys but not others (while wanting to propagate the whole object).

  • skybrian 2 days ago

    Yep. Although, sometimes checking the data is the point. It will depend on whether you want to catch errors early.
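
The two points in this thread (a hop validates only the keys it uses and propagates the rest, and the next server validates again) as an added sketch that is not any commenter's code. It does not use Zod: `parseLoose` is a hand-written stand-in for a loose-object schema, and `relay`, `consume` and the field names `tenant`, `amount` and `note` are hypothetical.

```javascript
// Added example: check only the keys this hop uses, carry the others through.
function parseLoose(input, shape) {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new TypeError("expected a JSON object");
  }
  for (const [key, check] of Object.entries(shape)) {
    const present = Object.prototype.hasOwnProperty.call(input, key);
    if (!present || !check(input[key])) {
      throw new TypeError(`invalid or missing field: ${key}`);
    }
  }
  return input; // unknown keys are propagated, not stripped
}

const isNonEmptyString = (v) => typeof v === "string" && v.length > 0;
const isPositiveInt = (v) => Number.isInteger(v) && v > 0;

// Hop 1: the relay only routes, so it validates `tenant` and nothing else.
function relay(rawBody) {
  const msg = parseLoose(JSON.parse(rawBody), { tenant: isNonEmptyString });
  return { route: `queue-${msg.tenant}`, body: JSON.stringify(msg) };
}

// Hop 2: the consumer does arithmetic on `amount`, so it validates `amount`
// itself. The relay accepting the message says nothing about that field.
function consume(body) {
  const msg = parseLoose(JSON.parse(body), {
    tenant: isNonEmptyString,
    amount: isPositiveInt,
  });
  return msg.amount * 100;
}

// Constructed sample messages: the second has a string where a number belongs.
const good = '{"tenant":"acme","amount":5,"note":"extra key"}';
const bad = '{"tenant":"acme","amount":"5","note":"extra key"}';

function demo() {
  return [good, bad].map((raw) => {
    const forwarded = relay(raw); // both messages pass the relay
    try {
      return consume(forwarded.body);
    } catch (err) {
      return err.message; // caught late, at the hop that uses the field
    }
  });
}
```

Adding `amount: isPositiveInt` to the relay's shape would reject the second message one hop earlier, which is the catch-errors-early trade-off from the last reply.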