It's possible to make this argument, but only if you're utterly determined not to be pragmatic. I doubt that's Brad's position (but who knows).
"After two days, the administrator logged in and I was able to retrieve the root password for his su session" is a huge distance from "I ran this script I found on the Internet and got a remote root shell immediately".
Right now these processes have capabilities. The capabilities aren't something new; they're mostly now very old. What will change is that some processes may have _fewer_ capabilities, which even with Brad's examples makes the work of getting "full root", and thus the ability to cover your tracks, more tricky.