Right, so this is all defense in depth. That LED is sort of the last line of defense if all others have failed, like:

The exploit mitigations to prevent you from getting an initial foothold.

The sandboxing preventing you from going from a low-privileged to a privileged process.

The permissions model preventing unauthorized camera access in the first place.

The kernel hardening to stop you from poking at the co-processor registers.

etc. etc.

If all those things have failed, the last thing to at least give you a chance of noticing the compromise, that's that LED. And that's why it stays on for 3 seconds, all to increase the chances of you noticing something is off. But things had to have gone pretty sideways before that particular hail-mary kicks in.