It's not good that they allow anyone that happens to be in your car briefly root access. It'd be live having an always-on laptop in your office with a open shell on it.

They should have provided some mechanism for the real owner to approve updates if the updates aren't all trusted by default.

Who cares? The valet could do any number of other attacks, like stealing the car, sabotage, adding a tracker, whatever. Threat modeling is important, otherwise security can harm one's own goals. Sometimes you have to briefly trust another person. I'd rather have an open shell inside a locked room when the alternative is no access at all.