This is what sudo was designed for ─ limited admin privileges, assigned to different people. It’s a form of role-based access control. User A can bring up or take down the network, User B can reboot the system, and so on.
One of the interesting things that logind does ─ and consolekit in non-systemd distributions ─ is that it also checks where you are logged in from. So for instance, the user sitting at the local console can reboot or shut down the system, but a user logged in via ssh cannot.
I suppose it also became like that for convenience. We have to remember that by targeting the general audience (and including people that are not very computer literate), maybe some security aspects got put aside for the sake of easiness. Also, Ubuntu got its first moment of glory back in a era dominated by Windows XP (where people are often on admin account 24h/24) and when Windows Vista started to emerge (and people got pissed off with the first implementation of the UAC, which is roughly a pretty similar idea when we think about it (as you have also noticed), and people were actually looking to disable it).
Man, now that I think about it, I always create two separate accounts on Windows, but not on my Linux OSes. Huh.
Indeed, that could be a good option to have. If I remember correctly, Solus lets you configure as many accounts as you want in the installation for example.
I do not know if people will actually take habit of making two separate accounts though.
Hum… perhaps a lot of tinkering with Polkit rules and creating groups to grant additional permissions.
Absolutely the way it is works best, I even disabled password requirement for things like pamac, password is asked once and never again, however if in a corporate environment were having things more secure is a must then is up for sysadmin to secure the machine.
Changing this is a recipe for forum posts ( I cannot install any applications on my OS ).