Yeah, and anyone with root privileges should know the danger of doing
rm -r /, too–but there’s still a warning when you do it. It’s also more than simply leaving the page open; if you close the tab/window without logging out, you can browse back to the server-manager without needing to authenticate again.
It’s not a terribly big deal to me with my use case, but it still seems a bit insecure. There’s a reason that a timeout like this is pretty much universal in places that require a login.