> Additionally, there is no way for a systems administrator to easily audit those packages installed by users; if a user is running an insecure, out-of-date program because they haven't done an update in six months, this could lead to some pretty big problems.
Not true. A sysadmin can modify other users' profiles, e.g. to force-upgrade packages and destroy generations referencing old packages.