Linux root access recovery by booting on the console

Several reasons: one, you have to have physical access to the servers, and most employees don't want to lose their jobs by getting caught on CCTV video breaking into systems. Then, you have some companies that implement BIOS / boot passwords or boot loader passwords. Sometimes, the "single user" option requires a password (if set up properly ahead of time), other times it simply isn't available.

Ultimately, though, you're correct - this is a very exploitable attack vector.

A potential intruder could reboot into single user mode if they had physical access. Physical security is just as important as software security. That is why schools lock out USB drives and the BIOS. You have to lock it down.

In /etc/default/grub you can uncomment the following line

GRUB_DISABLE_RECOVERY="true"

And poof! Single User mode is now gone.