From my perspective, if you union mount e.g. an NFS file system and then star modifying the underlying filesystem directly, you deserve every bit of pain coming to you. It makes perfect sense to enforce anything that can be reasonably enforced, such as making sure that local file systems must be mounted read only in order to be part of a union mount, but I fail to see why one should artificially exclude e.g. NFS file systems simply because making those sanity checks aren't possible on a remote file system.
How about having an ounce of trust in the universe; competent sysadmins will get it right, and the rooting out incompetent sysadmins quickly is actually a good thing?