I expect the reason root is queried is because it’s guaranteed to be there on pretty much any Unix-y system, but the real issue (though once again, I’m only guessing, because they don’t bother to explain why they believe this to be a problem) is that it responds to VRFY at all. Here’s what my server does:
250 DSN
VRFY dan
252 2.0.0 dan
VRFY nonexistent
550 5.1.1 <nonexistent>: Recipient address rejected: User unknown in local recipient table
DONE