After deeply checking about the fuzz on bug #534047, I think the reaction is exaggerated. The default policy from PolicyKit applies for single user that can install signed package from official repository without root password but unsigned packages need authentification. Grab any unsigned package and test yourself. For multiple user account, setting policy is the key.
Busy weekend. I just took a break for making a presentation of Fedora Core 6 and Fedora Project for Vancouver Linux Users Group which will debut on November 20, 2006. A local computer store was kind enough to give me a laptop for the demonstration of Fedora Core 6 (Zod) live spin and Sugar interface from OLPC Project. Should you be interested to view that event and live near Vancouver, here is the address .