For Android users, it may be more of a problem. There was a sidebar article which pointed out that one-third of Android users don't bother with a passcode on their phones which would mean that if their phone were stolen, root would be accessible. But of course, with no passcode, everything would be open anyway. These are probably people who don't bother with passwords on their computers either, though.
Then on a shared computer system, anyone with a passcode could be a threat.
I am talking about a genuine Linux server. Mine has two accounts, and I am the only one who knows the passwords. It’s an Ubuntu server, so there is no root account.
My phone is a phone. I do no banking or any of that stuff on it.
That said, I do access my email on it, so those passwords are vulnerable. So I should probably be a little more security oriented in that regard.