Your point is important, driftdiver. That’s one of the things that makes the Mac OS so good security-wise. Nothing (to my knowledge) can modify your root directory without first asking for you to enter your administrative password. Users should think twice before allowing any third-party software to access root.
BTW, I’m kind of down on Mac OS for other issues, despite being a long-time Mac fan. In the security arena, I’ve never had a problem with it, but Apple Corp. doesn’t seem to have any concern whatsoever for anyone who likes to game on occasion. In fact, their OS updates keep breaking what few games actually run on Mac. With Firefox and iTunes available for Windows, I’m running out of reasons to stick with Apple 8(
The whole point of Unix systems is that a non-root user can install and run most software in his own account. You only need to write a script to set the proper $PATH, $LD_LIBRARY_PATH, and whatever other env variables you need.
Webservers run as ‘nobody’ and have no privileges, and so can nearly every other piece of software.