I read previous discussions about it here. The argument IIRC is that making the default context staff_t adds a little bit of security.
IMHO, it adds no security whatsoever, since `ssh -l root hostname -t su -' gets you to sysadm_r without asking for a password. So how about changing the default policy such that ssh selects sysadm_r by default, which should minimize the inconvenience without really losing anything in terms of security?