Since the earliest days of unofficial Android ROMs, root access and custom firmwares like CyanogenMod have gone hand in hand. However, future versions of CyanogenMod will take a step back from always-on root, disabling root access by default but allowing users to easily enable it through a menu.

In a statement on their official site, the CM team says that having root access enabled by default represents a "major security risk," one which can be remedied by introducing four user-configurable root options. Root access will be disabled by default, while three additional options will let CM users enable it for ADB only, apps only, or both. So there's nothing to panic about -- your root access will still be there if and when you need it, but your device will be more secure by default as a result.

A good analogy is Android's "unknown sources" option, which allows applications to be loaded directly from an APK file rather than the Google Play Store. It's there for those that want it, but disabled by default for security reasons. As CM matures and its audience grows more mainstream, it makes sense that there's a renewed focus on security.

There's more technical info about exactly how this configurable root access works over at the source link.

Source: CyanogenMod