Creative Mode is a security risk

To any reasonable server operator, Creative mode is seen as a huge security risk that is unsafe to give any untrusted user. This is why I deem this a bug and not a feature request. This is a security risk in the Minecraft Server with a supported mode.

This is a huge problem for servers that want to give creative permissions to allow free form building with infinite resources and access to the creative menu.

Server owners are forced to use 3rd party solutions to filter suspicious items which is not possible to do on Vanilla, leaving public Vanilla Creative mode servers impossible to support.

I propose a solution to this to decouple the freeform item NBT access from creative mode.
Creative mode should use Survival Mode inventory behavior, and the creative item menu should be a registry of "tab 1 item 3 = this item on server" and the creative mode menu simply sends a packet saying "give me tab 1 item 3", where the server then controls the creative menu, and potentially let data packs add and expand the menu.

Toolbars should be saved per-server instead of on the client removing ability to create malicious items in single player that then carry over to the server. Toolbars should only support what the player was legitly able to create themselves.

Copying an existing block should also be supported by creative mode.

Then, the ability to free form items should be limited to ops, and restricted to capabilities of the /give and other item commands. It should not be possible to add NBT tags to an item with Creative Mode alone. Modifying Item NBT needs to be a restricted permission.

Then, server owners would be able to give untrusted users Creative Mode access without fear of them being able to abuse neverending exploits to gain op or waste server resources creating lag.

Open for discussion on improvements to the idea!