@Adobe is to blame
You are right that a document reader (or web browser, email client, etc) should NOT run with any privileges that could allow system-wide code injection, but that is not to say that it *wont* in all cases.
Why, for example, is IE6-8 not separable from w2k/XP, and updates to it generally require a system reboot?
However, there is also the question of a crap document reader being capable of running bad code that could be used in conjunction with OS vulnerabilities to penetrate the system.
In the case of Adobe, it in a combination of crap software (an endless stream of issues, and multi-week delays in patching, that make MS look the golden boy in comparison), a flaky updater (though it is possible they had this centrally managed in a competent manner), and finally some incredibly dumb features such as executing a program from the document! WTF!
So while the OS should be up to the job of protecting against injection, you can start by dealing with open gateways to code execution in the first place.
Remember, in a case like this (wanting to steal valuable documents) simply compromising the user's account is often enough to get the documents. You don't actually need system-wide root access, though of course that makes the black hat's day if they achieve it.