That's only a problem if you allow untrusted users operate the docker daemon.
Sure, if you trust every developer in your company with the root password anyway, why not? That might be true at Docker (the company), I don’t know. Certainly wasn’t true at one company I worked at with 30,000 devs...
By the way, this problem does not exist with competing container tools like Podman/Buildah.
Not necessarily every dev box, but I'd say that in most environments it's reasonable that devs would have full permissions in any "their" dev boxes/VMs. If you split boxes/VMs across devs instead of sharing them, then the access would be limited to whatever people are assigned to own that box, but they'd have full access. I mean, if something breaks, it should be trivial to reset that machine or get a new one, VMs can be cloned and spawned in seconds and there's no reason not to spend an hour once so that you automatically get a fully working dev environment with all the tooling needed.
In any case the notion of "the root password" seems weird, root passwords should be unique (even for VMs), randomly generated, and mostly not used; in most situations you'd use publickey authentication instead of passwords.
Sure, if you trust every developer in your company with the root password anyway, why not? That might be true at Docker (the company), I don’t know. Certainly wasn’t true at one company I worked at with 30,000 devs...
By the way, this problem does not exist with competing container tools like Podman/Buildah.