This page (https://www.vaultproject.io/docs/platform/k8s/injector#authenticating-with-vault) states that is not recommended to use the default ServiceAccount:
A service account must be present to use the Vault Agent Injector. It is not recommended to bind Vault roles to the default service account provided to pods if no service account is defined.
Can somebody explain to me that is the disadvantage of using default ServiceAccounts? Is this in general a bad idea or only in combination with vault agent injector?