The Bitcoin protocol, the transactions and blocks, is also "arbitrary data"
They only get "value" and "validity" due to a convention followed by a group of people.
That's a philosophical view
Otherwise in Bitcoin smart contracts, for example OP_DUP is OP_DUP. Is part of the protocol, is verified by full nodes and the rules of it is enforced by them. If you break its rules (eg. empty stack), your transaction becomes invalid and rejected.
Just SRC-20 shows what may happen if "they" "fix" the "exploit" in Taproot. The spammers find another way to spam and even profit from the spam.
The exploit in the protocol is that it allows them to inject an arbitrary size data into the chain
without any size restrictions (except block weight of course). That's the very least exploit that needs to be fixed.
Otherwise, when they are limited there will be less and less reason to use this type of spam attack. For example they could use OP_RETURN as I mentioned earlier without needing to exploit anything. It's been around forever and people have used it to create "colored coins" which is basically the same garbage as XYZ-20 nonsense.
Most popular one is Tether/USDT.