This principle also works for security vulnerabilities in open source software, by the way. That is, the responsibility for preventing security exploits rests on the party who operates or deploys the software. Don't want the "risk" of open source? Feel free to use something more expensive. But it might be cheaper to pay the original developer for patches.
Whoever is responsible for putting the computer in a position where its decisions mattered. Whether that's the owner or their agent is a question for which we already have a couple centuries of mostly-adequate legal precedent.
Seems like the clearest legal principle to me, otherwise we ban matches to prevent arson.