The most dangerous permission admins have is JS editing - but its also only used by a minority of admins. Additionally, editing other user personal js/css is pretty dangerous, and rather rarely needed.
We should be able to move that to a separate group (This bug is only about having the technical ability to do so within MediaWiki. Whether or not its a good idea to do so on WMF wikis, and whether its politically acceptable are separate discussions, and out of scope of this bug)
Things to do:
*Separate interface messages into normal interface, raw html, and js/css files. Have different permissions for the different types, or at least editinterface vs editinterface-scriptable.
**This is mostly easy, but tracking down all raw html messages might be annoying. Especially, lots of extensions seem to use raw html-ish stuff in js. (See also T2212)