One rather rude thing root can do through /proc is usurp any process's STDOUT. I tried it on my box, opening up two gnome-terminals, one su'd, one not. Found out the PID of the non-su'd bash (189), then used the su'd one + /proc to get the fd for the STDOUT of the bash, using stty and a Perl script to put keypresses in immediately (the Perl was to map backspaces correctly). So I started typing (slowly, for effect):

blueroom:/proc/189/fd# perl del-to-bs > 1


You have violated Money Guzzler Corp.'s TOS.
Your session will be terminated in four seconds.
Four...
Three...
Two...
One...


^D
blueroom:/proc/189/fd# cd /
blueroom:/# kill -KILL 189
blueroom:/# deluser hosed
[download]

... and it worked too. I can only wonder what would happen if you injected random data into a pipe...