Re: the system packages for most distros are totally open by default.
"It's the reason why some distros are so keen on using sudo rather than encouraging a root login. You take control for as long as you actually need it and no longer."
I think there's a fairly complex history here. Ideally nothing should run with higher privileges than it requires. Your mail daemon should have a mail user ID, your printer daemon should run as a printer user such as lp, etc. In old-style Unix there was a user bin to own most of the standard executables so root wasn't even needed for installations. Nowadays all the executables seem to be owned by root and in general root privileges seem to be needed for more admin than used to be the case.
Sudo seems to have been introduced in the wake of that - no need for all those separate IDs & passwords. IMV it's a bad compromise between security and convenience with logging thrown in as some sort of gesture. It means, of course, that a member of sudoers can get root privilege with their own password; it's marginally better than running as root but it does mean that anyone who manages to get that otherwise ordinary user password needs nothing else to gain full control of the system. Certainly a direct root login shouldn't be possible, but su to root with a root password and even then only when necessary; in a large installation someone only responsible for printers, for instance, should use a lesser ID such as lpadmin.