This still doesn't sound the most secure. I think it would be better to have a multi-layer config, where the first layer is something like "Enable Enable Enable Root?", which enables the second layer dialog "Enable Enable Root?", which enables "Enable Root?" dialog, which then enables the SuperUser.apk "Enable Root for this application". You can't be too secure.
I do agree that getting rid of the ever present root shell on the USB port is a good idea, but asking if you'd like to be asked questions? Coating a knife with liquid rubber doesn't get you a safer knife.
I do agree that getting rid of the ever present root shell on the USB port is a good idea, but asking if you'd like to be asked questions? Coating a knife with liquid rubber doesn't get you a safer knife.