If I understand what you are saying, this would allow one to become root without giving the root password. This sounds like a really bad idea to me. If a cracker should get the regular password to any account on the system, he can just type "su" and become root without the password. The whole point is to prevent the cracker from gaining root access, not make it easier. In order to install a key logger on a system, the cracker must either be root, or trick an administrator into installing it, possibly via a Trojan Horse. If you are accessing your Linux system via the console, I.E. sitting at the computer, the root password will not be sent out over the Internet unless your system has been compromised. If you must access the root account remotely via the "su" command, connecting to the system via SSH is strongly recommended.
