It would be great if you could create admin groups which can only read things in the admin panel, or are restricted to certain panels. And also maybe restrict them to a certain category. A more extensive rights system would be nice.
Unfortunately that is not possible at this time, as the admin panel as a whole is either allowed or denied. Administrators have full access to the site and so they are hardcoded to be allowed in.
Changing the code to break up the ACP into different sections that can be managed via privileges is a major overhaul