The idea that "uid1 = unsafe" is a security myth that needs to die. There are other more likely avenues of attack such as incorrectly configured input formats.
There are plenty of contrib modules that check for uid == 1 and dole out additional privileges, so while Drupal core may only check for uid == 1 in user_access() and user_register_submit(), your site is only as secure as your weakest contrib module.
Here are three examples of (uid == 1) checks from a site I'm looking at now (and I'm sure you can find a module or two that I've contributed where I've done the same thing):
From workflow.module:
function workflow_field_choices($node) {
  ...
  if ($user->uid == 1) {
    // Superuser is special.
    $roles = 'ALL';
  }
  ...
}
From flag module's flag.inc:
function user_access($account = NULL) {
  if (!isset($account)) {
    $account = $GLOBALS['user'];
  }
  $matched_roles = array_intersect($this->roles, array_keys($account->roles));
  return !empty($matched_roles) || empty($this->roles) || $account->uid == 1;
}
From drupad.module:
function drupad_authorize() {
  global $user;
  if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Drupad')) {
    return FALSE;
  }
  if ($user->uid == 0) {
    return FALSE;
  }
  if (user_access('use Drupad application')) {
    return TRUE;
  }
  if ($user->uid == 1) {
    return TRUE;
  }
  if (arg(0) == 'drupad') {
    drupad_unauthorized();
  }
  return FALSE;
}
- Marc
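
An added example, not part of the original post and not Drupal or contrib code: a small Python audit that lists where module source compares uid to the literal 1, so each hard-coded superuser check can be reviewed. The sample source is constructed, modelled on the snippets quoted in the post, and the names find_uid1_checks and audit are hypothetical.

```python
import re

# String literals are consumed as tokens so "//" or "#" inside them (URLs, '#type') is not taken for a comment.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/""", re.S)
# "$x->uid == 1" and the reversed "1 === $x->uid", with ==, ===, != or !==, quoted or bare 1.
UID1 = re.compile(r"->\s*uid\s*[!=]==?\s*['\"]?1['\"]?(?![\w.])"
                  r"|(?<![\w.])['\"]?1['\"]?\s*[!=]==?\s*\$[^\s;)]*->\s*uid\b")
FUNC = re.compile(r"\bfunction\s+&?\s*(\w+)\s*\(")

def strip_comments(src):
    """Blank out PHP comments, keeping offsets and line numbers intact."""
    def blank(m):
        tok = m.group(0)
        return tok if tok[0] in "'\"" else re.sub(r"[^\n]", " ", tok)
    return TOKEN.sub(blank, src)

def find_uid1_checks(filename, source):
    """Return (file, line, enclosing function, code line) for each uid-vs-1 comparison."""
    code, lines, hits = strip_comments(source), source.splitlines(), []
    for m in UID1.finditer(code):
        line_no = code.count("\n", 0, m.start()) + 1
        funcs = [f.group(1) for f in FUNC.finditer(code, 0, m.start())]
        hits.append((filename, line_no, funcs[-1] if funcs else "<file scope>",
                     lines[line_no - 1].strip()))
    return hits

def audit(modules):
    return [h for name, src in modules.items() for h in find_uid1_checks(name, src)]

# Constructed sample input (not real module files).
SAMPLE = {
    "workflow.module": """<?php
function workflow_field_choices($node) {
  global $user;
  if ($user->uid == 1) {
    // Superuser is special.
    $roles = 'ALL';
  }
}
""",
    "example.module": """<?php
// Old code used $user->uid == 1 here.
function example_form() {
  $form['note'] = array('#markup' => 'see http://example.com/');
  return $form;
}
function example_access($account) {
  if ($account->uid == 10) { return FALSE; }
  return 1 === $account->uid || user_access('administer example');
}
""",
}

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("%s:%d in %s(): %s" % hit)
```

The scan ignores heredocs and uid values held in variables or constants, so treat its output as a review list rather than a complete inventory.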