that ~exec is run with root rights is something. I do not think Amazon spend much time or money on securing this device - its basically open and there are tons of ways to getting root. off the top of my head:
1) boot initrd image via serial plug and swap out the password hash in /etc/shadow
2) for some reason said root password hash is only hashed with crypt (sha1). and maybe just "luigi". so it is crackable. Other password hashes in there use md5. this also requires the serial plug.
3) the ~exec method
4) the jtag
common to all these is that no total retar^w^w non-computer savvy person would attempt them. combined with the looming release of the kdk amazon might have decided that locking down isn't really worth it and might even hurt in the long run. I think they plan to get every single person that is able to read a kindle.