As 'Super User' I can give other Administrators permission to 'Sign In as User'. However, having given them this permission, they can now sign in as me and do whatever they want with the system.
As a minimum general principle, someone should never be able to use the 'Sign In as User' facility to sign in as the Super User (just leave the button out when viewing the super user account, or better, only let the super user view/edit the super user account details).
Maybe not important on small systems, but on bigger systems with multiple administrators and multiple levels of administration, this is important. Ideally I would like to set up a restricted 'helper' level of administrator, who can sign in as a regular user to help them out, but not sign in as any higher level of administrator.
If there are time and resources to do more than the minimum above, then, when granting the permission to 'Sign In as User', it could be restricted selectively to group(s) of users.
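The rules requested above, written as a server-side authorization check. This is an added example, not part of the original post and not the product's own code. The role ladder, `Account`, `ImpersonationGrant` and `may_sign_in_as` are hypothetical names, and refusing targets at the same level as the actor is this example's assumption.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple


class Role(IntEnum):
    # Hypothetical role ladder: a higher value means more privilege.
    USER = 0
    HELPER = 1
    ADMIN = 2
    SUPER_USER = 3


@dataclass(frozen=True)
class Account:
    name: str
    role: Role
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class ImpersonationGrant:
    # An empty set means the grant is not restricted to particular groups.
    allowed_groups: frozenset = frozenset()


def may_sign_in_as(actor: Account, grant: Optional[ImpersonationGrant],
                   target: Account) -> Tuple[bool, str]:
    """Decide on the server whether actor may use 'Sign In as User' on target."""
    if grant is None:
        return False, "actor has no 'Sign In as User' permission"
    # Minimum rule: the Super User is never a valid target, whoever asks.
    if target.role == Role.SUPER_USER:
        return False, "the Super User account cannot be impersonated"
    # No sideways or upward moves (same-level refusal is an assumption here).
    if target.role >= actor.role:
        return False, "target is at the same or a higher level than the actor"
    # Optional extra: the grant may be limited to group(s) of users.
    if grant.allowed_groups and not (target.groups & grant.allowed_groups):
        return False, "target is outside the groups this grant covers"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample accounts.
    helper = Account("helper1", Role.HELPER)
    for target in (Account("sam", Role.USER, frozenset({"sales"})),
                   Account("alex", Role.ADMIN), Account("root", Role.SUPER_USER)):
        print(target.name, may_sign_in_as(helper, ImpersonationGrant(), target))
```

Hiding the button on the Super User's account page only changes the interface; the decision has to be made in the request handler, as here, so a hand-built request is refused as well.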