Actually I would feel better if sudo access without passwor was restricted to the application manager (although this also opens root access to malicious packages, but at least its only packages )