While I personally would have used a dedicated development target, the workflow he had at least allowed him to have a good look at any and all code changes, before approving with the root password.

That is a bit different than allowing unconfirmed loading of arbitrary kernel code without proper authentication.