It seems that Apple is considering changing Sir's settings so that only the owner of the device can activate it. The reason behind this change is that the digital assistant can be accessed without actually unlocking the phone, which represents a potential threat to the owner's security. However, at the moment, this is just a possibility that the company is analyzing, so there's no telling if and when the IT giant will actually introduce it to iPhones and iPads.
As far as I understand, Apple wants to implement this functionality by using a combination of a specific key phrase and Siri's ability to distinguish the device owner's voice. Basically, the user will have to select and use a special phrase (not Hey, Siri!) to activate the assistant and Siri will analyze the voice pattern to see if it matches. In case the digital assistant is unable to confirm that it's actually your voice that it's hearing, you will be asked to confirm your identity either through touch ID or by entering a previously chosen password. This may seem like a bit of a security risk, but it also ensures that you will still be able to access Siri even if you have a cold or if you've recently been to a concert and you've lost your voice.
From my perspective, this is a really good idea as Siri has been used in the past to access the owner's photos without having to unlock the phone. Furthermore, since you can now activate Siri on MacOS, voice recognition capabilities would be a welcomed extra security layer.