It sucks the position you are in, but...

A) I would never give a client access to the admin account.

B) Group permissions vary from instance to instance, so to a certain extent, I don't think the Administrator group should even created during install.

C) I try to avoid using the admin account myself, so I'll create myself an account and give that account all the permissions that are necessary. The only thing that makes the admin account cool is the ability to log in as other users.

In the next version (there's always a next version!) we're looking at adding some additional permissions in the dashboard. These will include some more functional things, like the ability to sign in as a user, the ability to edit page defaults, etc... And we'll give the admin user the ability to assign groups to these permissions the same way that you currently can today. It should give administrators more flexibility about who can perform what task.

can I suggest adding some way of restricting the groups a user can see?
So you can have a clients administrator that can only see/add-to/manage for example the "clients" group, but can't see anyone who's not in that group.

Currently, any user that has access to the Dashboard -> Users page can see all users including the superuser. for our sites, we'd like each client to have administrative permissions but we retain control of the root user. We don't want these admin accounts to even see, much less edit the superuser's account.
Merely removing the superuser's line on the list page would do the trick, I think. I am willing to code a patch for this. How would I submit it? Thanks.