> The idea of securelevel is that not even root is trustworthy.  So
> letting anyone, even root, load LKMs while securelevel is > 0
> compromises security.

LKMs can be loaded safely, provided they are "approved" at boot-time (residing 
in a special directory?) and protected by suitable immutable-flags thereafter. 
What you have then is no worse than the kernel itself. Loading arbitary, 
unknown LKMs when securelevel>0 is of course a no-no.

Peter