And there's a lot of things that require root that shouldn't. Such as apps that back up you applications and their settings.
Part of Android's security design is to isolate apps from each other by running each app as it's own user_id. Thus, if you want to back up the data from all apps, you need root (or designate some sort of super-user that belongs to all of those groups in order to read those files). Just like in other *nix, user A cannot read user B's files if the file/directory permissions are restricted.
Android Firewall (linked above) allows easy blocking of net access to each individual app because they all run as separate user_ids, so the iptables rule is trivial.
Permissions Denied is another (root-only) app that can deny certain permissions to a selected app.
Both a firewall and selective permissions should be part of the core OS so users do not have to root their phones. If only Cyanogen Mod was installed by manufacturers/carriers...