I have a Win95/Linux system and I discovered purely by accident a security bug in the installer that gives you root access to an existing Linux installation. If you run the installer (from autoboot.bat) up to the point where it gives you a choice between installing a new system and upgrading, you can get root access by switching to vitrual terminal 2. It's already logged in at a bash prompt there.
That is normal. Just dont let someone run the installation on your personal system if you have sensitive information. You dont even have to run the installation to get root access on a machine if they have direct access to the server. That is why most sensitive servers are kept in a locked room or closet.