Tails has an option to login with root privileges or not. It's the first dialogue you see. The issue is that an exploit with root privileges can disable the firewall and/or Tor and "phone home" over clearnet, deanonymizing you. Running Tor in a separate VM, as in the Whonix setup in my guide, is much safer.