The default zero-length halt, poweroff, shutdown, and reboot files in /etc/security/console.apps allow any console user to halt, power off, shut down, or reboot the machine if they have logged into it. I believe that this is an undesirable default, and that two things should change: First, I think that userhelper should default to assuming that a zero-length file means either that nothing should be allowed or that 'USER=root' should be the assumed contents, instead of the current undocumented assumption of 'USER=<user>'. Second, I think that these four files should all have the contents 'USER=root' added, to make the policy explicit.
We disagree, and believe that these are reasonable defaults. Someone who has console access already has the ability to do much worse than this in most cases. In the case of a server machine or a "cluster" type situation, the defaults can be easily modified.
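An added example, not part of the original report or reply: a shell check that shows, for the four files named above, which are zero-length (the case the report says is treated as 'USER=<user>') and which carry an explicit `USER=` line. The function names and the sample directory are constructed for illustration, and the script assumes the policy appears as a line beginning with `USER=`.

```shell
#!/bin/sh
# Added example: report how each console.apps policy file is configured.
# Per the report above, a zero-length file is treated as USER=<user>.
# Assumption: the policy is a line beginning with "USER=" (first one is used).

# classify_console_app FILE
# prints: missing | zero-length | no-user-line | root | other:<value>
classify_console_app() {
    f=$1
    if [ ! -e "$f" ]; then echo "missing"; return 0; fi
    if [ ! -s "$f" ]; then echo "zero-length"; return 0; fi
    val=$(sed -n 's/^USER=//p' "$f" | head -n 1)
    case $val in
        "")   echo "no-user-line" ;;
        root) echo "root" ;;
        *)    echo "other:$val" ;;
    esac
}

# audit_console_apps [DIR]: one "name<TAB>state" line per file from the report.
audit_console_apps() {
    dir=${1:-/etc/security/console.apps}
    for name in halt poweroff shutdown reboot; do
        printf '%s\t%s\n' "$name" "$(classify_console_app "$dir/$name")"
    done
}

# Constructed sample directory (not real system state) for an offline run.
demo_dir=$(mktemp -d)
: > "$demo_dir/halt"                          # zero-length, the shipped default
printf 'USER=root\n' > "$demo_dir/reboot"     # explicit policy
printf '# no policy\n' > "$demo_dir/shutdown" # content but no USER= line
audit_console_apps "$demo_dir"                # poweroff is absent here
rm -rf "$demo_dir"
```

Calling `audit_console_apps` with no argument reads /etc/security/console.apps on the local machine.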