I think you’re misunderstanding what that parameters purpose is. It’s simply a shortcut for the example you have shown. If you have a users ID you can delete them without writing that where clause.
DB::table('users')->delete($id);
The above is identical to this:
DB::table('users')->where('id', $id)->delete();
You’d obviously perform a check prior to using any of these methods to ensure that a valid ID has been supplied. I wouldn’t say it’s a security breach, just something you as a developer needs to be aware of when developing your application. You don’t just go willy nilly deleting things without first validating the input.