TBH, anyone who cares about security and runs Win7 or Win2k8 or newer should be using virtual service accounts and managed service accounts.
Those are more like Unix service accounts. Notably they don't need a password, getting rid of some of the management pain that led us to abandon the 'postgres' system user on Windows.
Now that older platforms are EoL and even the oldest that added this feature are also near EoL or in extended maintenance, I think installers should switch to these by default instead of using NETWORK SERVICE.
Then the issue of priv dropping would be a lesser concern anyway.
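For reference, an added example (not part of the message above and not taken from any installer) of moving a service from a shared built-in identity to its own virtual service account. The service name and data directory are hypothetical placeholders, and the ACL step assumes the service needs modify rights on that directory.

```powershell
# Run from an elevated PowerShell prompt.
# Hypothetical values for illustration; substitute the real service name and data directory.
$svc     = 'postgresql-example'
$dataDir = 'C:\pgdata-example'

# A virtual service account is named after the service itself and has no password to manage.
$virtual = "NT SERVICE\$svc"

# 1. Inventory: services that still run under shared built-in identities.
$shared = 'NT AUTHORITY\NetworkService', 'NT AUTHORITY\NETWORK SERVICE', 'LocalSystem'
Get-CimInstance Win32_Service |
    Where-Object { $shared -contains $_.StartName } |
    Select-Object Name, StartName, State

# 2. Grant the per-service identity modify rights on its own data directory,
#    inherited by files (OI) and subdirectories (CI).
icacls.exe $dataDir /grant "${virtual}:(OI)(CI)M"

# 3. Switch the service logon account. No password argument is supplied
#    because the virtual account does not have one.
sc.exe config $svc obj= $virtual

# 4. Restart and confirm the identity the service is configured to run as.
Restart-Service -Name $svc
(Get-CimInstance Win32_Service -Filter "Name='$svc'").StartName
```

After the switch, any ACL that was granted to NETWORK SERVICE for this service can be reviewed and removed, since that identity is shared with every other service using it.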