It seems to me that PolicyKit is a way to reduce exposure of privileged applications to
non-privileged users. This should go a long way to reducing the amount of root-level exploits
going on in a typical Linux desktop.
Say you have (a classic example) cdrecord (or wodim or whatever people use nowadays) set to
run with root rights for a particular group of users. Well, that's a non-trivial program and
it's going to be ripe for abuse if an account gets compromised. Essentially you're giving people
rights to at least part of the in-kernel SCSI stuff.
Another example is the Ubuntu desktop, where you have a large number of applications that
require gksudo to work properly. You're giving root rights to many large and complex GUI
programs with a whole host of dependencies and many, many different code paths that have little to
nothing to do with.. say.. updating the machine with the latest security fixes, which is a
required thing to do and not easy for admins to do for users travelling around with laptops.
So PolicyKit, it seems to me, will reduce the exposure of these privileged activities down to
the dbus system and the input of whatever daemon you have floating around to take care of the
request. I figure that as long as you have strong input validation and dbus was designed
correctly then it should be a much better system for the Linux desktop rather than the sudo/setgid