There are 0 reasons to have setuid binaries. Additionally, having users escalate a program to root, with no restrictions on what root can do, is even worse. setuid is a total hack and it is embarrassing how many Linux distros are using it.
While using a setuid binary to edit the password/group "databases" is the historical default, there's no real technical reason why it must be that way. The passwd program could communicate with the database service via a socket. Likewise the NSS and PAM stuff could communicate with the same service via a socket. No reason for it to be lots of in-process loadable modules in this day and age.
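The socket-based design described above, sketched as an added example that is not part of the original comments or of any real passwd implementation: an unprivileged client sends a request over a Unix socket, and the service authorizes it from the kernel-reported peer uid (Linux `SO_PEERCRED`) instead of running the client's code as root. The `SETHASH` message format, the account names and the function names are assumptions made for illustration.

```python
import os
import socket
import struct

def peer_uid(conn):
    """Ask the kernel which uid holds the other end of a Unix socket (Linux only)."""
    # struct ucred is { pid_t pid; uid_t uid; gid_t gid; }
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def handle_request(conn, accounts):
    """Serve one 'SETHASH <user> <hash>' request (hypothetical format)."""
    parts = conn.recv(512).decode("utf-8", "replace").strip().split(" ")
    if len(parts) != 3 or parts[0] != "SETHASH":
        reply = "ERR malformed"
    else:
        _, user, new_hash = parts
        record = accounts.get(user)
        # Identity comes from the kernel, never from the message body.
        # A real service would add an explicit administrator rule here.
        if record is None:
            reply = "ERR no such user"
        elif peer_uid(conn) != record["uid"]:
            reply = "ERR denied"
        else:
            record["hash"] = new_hash
            reply = "OK"
    conn.sendall(reply.encode())
    return reply

def demo():
    """Run three constructed requests against an in-memory account table."""
    me = os.getuid()
    accounts = {"self": {"uid": me, "hash": "old-self"},
                "other": {"uid": me + 1, "hash": "old-other"}}
    replies = []
    for request in ("SETHASH self new-self", "SETHASH other new-other",
                    "GIVE me root"):
        client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        with client, server:
            client.sendall(request.encode())
            handle_request(server, accounts)
            replies.append(client.recv(64).decode())
    return replies, accounts

if __name__ == "__main__":
    print(demo())
```

The client process never gains privilege; the only code that can write the table is the request handler, and it accepts exactly one narrowly parsed operation.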