to me it sounds like
The enviroment variable is used to redirect print output to a file and the problem comes in because the process using the variable has its got root access or the sudousers file is write enabled for non-root accounts.
So the solution to retain security is to prevent modification of security files via sudo, personally I never liked sudo anyway and it was always easy enough to open a root shell. Even keeping sudo they could just move the print to file into userland
Making things easier by usurping your security is Microsoft's mindset and disease like this really shouldnt cross the species barrier, time for Apple devs to get their heads straight