>> It does cut out the possibility of clever dynamic library trojans
>> being inserted into the system.

>If you can replace the shared libraries, it's likely just as easy
>(from a permissions standpoint) to replace the binaries themselves,

But are we talking about trojans that actually replace the system
shared-library files, or LD_LIBRARY_PATH-style trojans?