If you don't trust your own dev VM, why do you use it for development? Why do you connect? If you clone any random repository and click "trust this" - what do you expect to happen?
If I want to edit code I don't trust, it would be entirely sensible to stick it on a throwaway VM and SSH to it. Except that VS Code entirely screws this up.
As far as I know, even if you don't tell it you trust the code, the mere act of SSHing to the system blows up the trust boundary, and malicious contents of ~/.vscode on the target machine can get RCE on the client machine.
And I want to connect because VSCode is a fairly nice editor and the actual Electron application works a bit better than the webpage version. But the Electron application can't bother to sandbox itself and doesn't have a security model, so there you go.
I often connect to my remote servers because they have a problem. If a machine has a problem I can ssh into it and inspect it without worrying about my localhost. If I used vscode, I would also have to be lucky, which is not a good security assumption.
The main thing would be supply-chain attacks designed to execute code on developer boxes. Ideally, a dev VM or container that gets pwned wouldn't be able to immediately start exfiltrating all the secrets on your machine, just whichever ones you've given to the dev environment, which are probably fewer than "all of them."
(Forgive me if this question sounds uninformed, I haven't used VSCode much, but if true this would not be behavior I expect from a code editor).