Re: I suspect that most didn't even know it was an option
I don't (thankfully)
if I need to allow -u someuser I'll put it in the sudoers[.d] definition. Occasionally I do though, for customer projects even. NO '!root' or anything similar either, I require explicit exact command matches! It makes the sudoers config file longer, but so what. It's anal retentive, but so what. Being anal retentive on security helps to prevent *this* sort of thing...
worth pointing out the 'pi' user on Raspbian has global sudo 'no password' access to EVERYTHING. Just sayin'. It's for convenience, of course, but if you do NOT change the 'pi' password, very VERY insecure.