Re: superuser rights on the vacuum
All Unix OSes require root to do a lot of things, so avoiding the use of it isn't feasible. Perhaps they could have taken steps to minimize their use of root for network facing services, but the real problem was the same old story - not programming with security in mind. A shell script was able to be run with a %s argument supplied by the attacker.
No doubt the argument they supply is something of the form "foo; <command of your choice>". Those ';' (or & or | or whatever) attacks are as old as Unix, and easy to leave in place if you hire someone on the cheap who does the minimum possible to make things work according to spec, and neither management nor the programmers give security a passing thought. After all, who would want to break in to a vacuum, right?