/usr/bin/chage is suid root. It runs fine "sgid shadow", proving /etc/shadow is group shadow and group readable. Principle of least privilege is violated. It is a fairly trivial enhancement. It could be implemented along with making /sbin/pwdb_chkpwd "sgid shadow" too. Two fewer suid root binaries, can't be bad can it?
That means that the /etc directory will have to be writable by the shadow group, because that's where the lock files are created. Making the whole /etc writable for the shadow group is not a small price to pay for this :-(
Why would the shadow group need locking? Certainly many of the shadow utilities don't use locks, including chage as far as I can tell. pwdb_chkpwd also appears not to use locks, so this should actually be pretty painless. I think that this is something that's actually worth implementing; as Red Hat has been getting better re set-uid utilities, this would nail another couple.
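As an added example (not code from any of the posters), a small POSIX shell audit of the facts the thread argues about: the mode and group of /etc/shadow, whether /etc would have to be group-writable, and which of the named binaries are suid root. It assumes GNU stat(1) and the Red Hat paths named above.

```shell
# Added audit helper; not code from the thread. Assumes GNU coreutils stat(1).

# Does an octal mode (as printed by stat -c %a) contain the given octal bits?
# Exit status 0 (true) or 1 (false), e.g. mode_has_bits 4755 4000 -> true.
mode_has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# Same test against a file's actual mode on disk.
file_has_bits() {
    mode_has_bits "$(stat -c '%a' "$1")" "$2"
}

# Owner and group name of a file.
file_owner() { stat -c '%U' "$1"; }
file_group() { stat -c '%G' "$1"; }

# "suid root": setuid bit set and the file is owned by root.
is_suid_root() {
    file_has_bits "$1" 4000 && [ "$(file_owner "$1")" = root ]
}

# "sgid <group>": setgid bit set and the file belongs to the given group.
is_sgid_group() {
    file_has_bits "$1" 2000 && [ "$(file_group "$1")" = "$2" ]
}

# One-line report of the permission facts the thread depends on for a path.
report() {
    p=$1
    [ -e "$p" ] || { echo "$p: not present"; return; }
    printf '%s: mode %s owner %s group %s' "$p" \
        "$(stat -c '%a' "$p")" "$(file_owner "$p")" "$(file_group "$p")"
    is_suid_root "$p" && printf ' [suid root]'
    is_sgid_group "$p" shadow && printf ' [sgid shadow]'
    file_has_bits "$p" 040 && printf ' [group-readable]'
    file_has_bits "$p" 020 && printf ' [group-writable]'
    file_has_bits "$p" 004 && printf ' [world-readable]'
    echo
}

# Paths named in the thread: /etc/shadow should be group shadow and readable by
# that group only; /etc must not end up group-writable as a side effect.
audit_shadow_setup() {
    for p in /etc/shadow /etc /usr/bin/chage /sbin/pwdb_chkpwd; do
        report "$p"
    done
}
```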