.bashrc and .profile can be modified without root, as can autostarting .desktop files. I think systemd and anything in /etc require root though.
Also a lot of users set sudo to not require a password (I am guilty of this) which makes privilege escalation easy.