I have to disagree on some of your *nix points pooh...

1. Completely depends upon the OS. In Windows, there will be no kept logs of usage since it is a seperate SMTP engine. However, if an email fails to send properly, chances are it will end up back in your inbox as "Message Undeliverable", but that hardly constitutes a logfile. On the other hand, within a *nix/*BSD distrobution, it would most certainly be logged. I'n nearly positive sendmail logs activity in and out as normal procedure, including seperate SMTP engines. On the other hand, getting a seperate SMTP worm engine to work on nix is near null since it does not have proper permissions or area control.
Because the virus/worm uses it's own SMTP engine it will not be logged. The (hostile) SMTP engine will deliver the email directly to the destination domain without using the local MTA. Any user can telnet somehost 25 and fake SMTP; so can any virus/worm/trojan.

Correct, in order for an SMTP engine to have unlimited access it would need some way to run as root, especially if it is a secured and locked down box.
Why would it need root? It's outbound only so there's no need to open a port <1024 hence no need for root. As said above any user can telnet to port 25.

Everything else looks fine and to the point