Why is it a security problem to have /usr/sbin owned by bin?

http://unix.stackexchange.com – The Sendmail Installation and Operation Guide (§1.3.1) asserts: "For security reasons, /, /usr, and /usr/sbin should be owned by root, mode 0755² [...] ² Some vendors ship them owned by bin; this creates a security hole that is not actually related to sendmail. [...]" Why is this a security hole? Are there systems that run processes as user bin?