Please tell me why the part of the OS that draws on the screen ever needs a promiscuous sniffing connection to the network? Or the filesystem handler needs to have access to the USB subsystem? (There should be a subsystem to connect the two, but that surely only needs access to USB devices and an internal filesystem daemon interface.)
This is why you modularise, compartmentalise, permission and break off rather than still sitting with a superuser tucked away capable of doing EVERYTHING.
Even in an OS, you shouldn't have one part of it be able to access everything if you're at all concerned about security. (Performance is an entirely different issue.)