I think there is already a very long discussion, and several spin-off topics that have been moved from there, that led to the Confined Users SIG.
Concerning the post above, I just wanted to make sure that the “traditional” way still exists. This should not be forgotten. And even if the password is used twice, it doesn’t impact security much compared to using sudo if sudo has no restrictions anyway, while it might even create an increase in security in several circumstances given the higher separation and exclusion of the password from the actual user account and its GUI.
From another point of view, if something like sysadm_u or staff_u (SELinux confinement) is used within a GUI, even when using su/sudo, it increases isolation because it is then much harder for other processes to access the terminal/console that is running su/sudo and its respective inputs/outputs.