> […] they don't believe that security problems are different than non-security problems, and refuse to establish norms or policies based on the idea that they are.

They believe there is no difference being able to get root and not being able to get root? It seems to me that to-be(-root) and not-to-be(-root) are quite different.