I chatted about this briefly with Central devs and we believe that either there was some previous limitation about relative paths for named volumes or that there are some gotchas in certain environments. Unfortunately we can't quickly come up with which it is.
If you can confirm relatively confidently that binding named volumes to relative paths is common practice then we are open to a PR for the migration.
The security risks of running as root are limited to vulnerabilities discovered in Docker's sandboxing in this case, right? Here's info about the daemon attack surface and what rootless mode mitigates.
My general sense is that running Docker commands as root correctly captures the level of responsibility and risk that this implies. Rootless makes sense in contexts with multiple levels of administrators, some of which don't have root, for example.