Jolla should ship sensible and secure defaults. It's not unreasonable to expect some privilege separation between nemo and root, and that shouldn't depend on having a lock code (I do use one by the way, but it's beside the point).

I don't disagree (in fact I've made that point before, so much stuff on SFOS runs as nemo including systemd). There are still some things you can do without root though, in particular it's much more difficult to hide your tracks without root. An attacker with root privileges can clean up after themselves. It doesn't make any sense to throw away that security boundary unnecessarily.

Why is it irrelevant on Jolla? Do you mean because you can install software without root with pkcon? I pointed this out before, and someone noted that you can't add a repo without root. The damage you can do without root is limited and relies on malicious software in trusted repos, or the existence of apps in those repos that could be exploited to gain root.

I don't understand why people are trying to pass this off as unimportant. I'm not just hating on SFOS, what I'm saying is that Jolla seem to have hacked this part of the system together and have overlooked the fact that it leaves a hole in the system's security unnecessarily.