Many users love root access because it enables some apps to have additional functionality, and at least one Android security app (Avast) even uses root access to make itself invulnerable to uninstalling.
However, in addition to the extra features, enabling root access also opens security vulnerabilities, as well. Here's what the CyanogenMod team says:
"At CyanogenMod, security has always been one of our primary concerns, however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether its the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach."
"Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users."
With the changes, there are four different levels of root access:
Enabled for ADB only
Enabled for Apps only
Enabled for both
CyanogenMod is the world's most installed third-party ROM, with over 1 million installs on various devices.