HELM should be executable only as a sudo, and the "helm list" command should be restricted as much as possible. In the best case, HELM is not present in productive clusters.