The documentation for the ACL system would probably clear up a lot of your questions. You have to realize that under the ACL system, (when properly configured), root means nothing. So let's say someone got root on your system. Would you want them to be able to remove packages on your system with apt? No. So if you want to update packages on the system, you have to authorize yourself to the ACL system (we take several precautions so that this admin mode can't be compromised, short of choosing a horrible password), and do it from within there.
-Brad