However, even without knowing Poettering and his previous work, you can see that the idea is half-baked. Look at the console examples closely.
Yes, nowhere does it prompt for a root password! Which means that anybody who can get to a virtual terminal can become root by just typing machinectl shell. And somebody who is logged in over the network (presumably...) can't log in as root at all, even knowing the password.
And frankly, what is the trouble of sneaking "unwanted" environment stuff into su? You have to enter the root password anyways, so the only thing which you could hope to achieve was what happens before password validation. And while in the past there had indeed be vulnerabilities that attacked su in such a way (sneaking LD_PRELOAD into it), these have been fixed since long ago.