Something like this is very difficult to mitigate. You don't want to harass your user endlessly to unlock the keychain to get tokens and keys and passwords while they run their apps and visit websites.<p>The super user is always going to have access to whatever comes through the memory of the system anyway. Keeping the keychain unlocked just makes the access window larger, but keeping it locked always doesn't solve the problem if someone else has root access to your Mac. With root access they can install kernel extensions and just take anything and everything. (i.e. you're still screwed when a privilege escalation attack is found, even if you keep your keychain locked.)<p>Takeaway: Don't activate the root user if you don't need it. Don't allow remote access to your Mac for other users. Find other solutions instead.