Zbigniew Jędrzejewski-Szmek
I have a background in science (physics), but I have been working as a distribution maintainer and a systemd developer for the last 13 years. I'm a member of Fedora's FESCo.
Session
Systemd has been growing new features that extend or replace traditional Linux security components:
- systemd-nsresourced instead of subuid/subgid
- systemd-mountfsd for unprivileged mounting of file systems
- run0 instead of sudo
- empower group with magic root rights
- Varlink, which makes it easy to turn command-line programs into services
- Polkit rules to allow privilege escalation with centralized policy
Why are we building new components that augment/enhance/replace existing tools?
Are installations with no setuid/setgid binaries possible?
What are some cool things that weren't possible before?
What are the threat models that this is trying to address?
Are distros like Fedora really making full use of those features or should we rely on them more?
Where is this all going?