The goal: to be able to differentiate packages that cause systemwide changes from "harmless programs"
Why: To increase security when an unexperienced user decides to try new packages
Users very often get package recommendations from places which are not 100% worthy of trust, like internet foruns. A malicious (or poorly informed) suggestion can cause a users computer to became an open relay to send spam, or an ssh server for a hacker to bruteforce his way in.
To avoid that, it would be nice to have a "safe packages" list, of programs that
* dont use suid
* dont open network ports
* dont change the boot sequence
* dont affect any user of the computer that does not call the program in any way
in other words: can be installed without creating any security concerns