These are problems with the server implementation though and not with the SSH protocol itself; you could design a SSH server software that does not run as root (if you do not need the capabilities that are available when it does run as root; for example, if you only want to allow SSH to one user account then it can run with that user account).