Agree. I don't think this is an issue emacs can address. It is really about how sudo is configured. On many systems, users with the 'admin' privilege can run sudo to execute any command, including sudo su - root. Once you have root, game over - e.g. I can easily edit .emacs of any user and there is little emacs can do to detect that (unless you want to go the over kill route of requiring a gpg key at startup to allow emacs to read an encrypted .emacs or similar). As Lars points out, once you have root, you can just as easily compromise some other part of the system or install a key logger or even a modified version of emacs itself.