Think about why they ask for access in the first place - it's because camera access or screen access might be unexpected for the app you've just started. Or maybe you don't trust the app with your camera (looking at you, Instagram).
QuickTime Player is already on your Mac and you already know what it does when you launch it.
There are millions of ways you implicitly trust Apple software to not violate your trust when you use their products. The whole point is Apple can gauge whether it is appropriately stewarding that trust in first party code much better than it can with third party code.
I guess that's fair, because the name says Player. But still, the way to not use those features is to not use those features. Unlike a third party app you don't need to worry about it trying to read your screen if you haven't explicitly started a screen recording. If you can't trust Apple to do that then you can't trust Apple to block third party apps from recording, either.
Security boundaries are for more than intentionally bad apps, but things like bugs causing code execution or other ways of abusing their privileged position.
An app decoding complex untrusted media files from the internet? It should have the absolute minimum permissions.
That's not the problem Apple was trying to solve here.
I suppose I could see a system where every camera/screen recording access by QuickTime Player forces a popup, because you can't say whether it happened intentionally or due to opening a malicious video file, but that would have to be opt-in for sure.
QuickTime Player is already on your Mac and you already know what it does when you launch it.