Its threat model isn’t to protect you from anything a state-level actor might try to do, but to give you insight into changed app behaviors. Why is my weather app now talking to Bolivia? Why is a shell script trying to connect to an Active Directory server? I don’t think that’s so much a hole as something that’s just out of scope for Little Snitch.