> the rooted user could use employee only methods. Somewhere or other every bank has methods that set balances on accounts.

Exposing these types of APIs in any way outside the bank ever would be gross negligence.