    If you are trusting users to install any software on your system without a password by using software that leverages PolicyKit,

    That’s just it, isn’t it? Are the people using PolicyKit aware that this is the default? (Are they even aware they’re using PolicyKit?)

    If Big Routers, Inc. puts a default password of Chewbacca on their Router 9000, can they fluff it away as “oh, it’s supposed to be like that”?

    I actually hadn’t even heard about this grinch thing, so the FUD hadn’t yet reached my corner of the tubes.