We turn on simple logic - under root, any script is executed with full access to the body, including the ability to perform destructive operations without asking permission from a naive user. So? So.
Next - we put third-party code as Composer, who the hell knows what's in that code (you don't personally check all packages, and then recursively their dependencies, and the dependencies of their dependencies). Therefore, to do so is ay-yay-yay-danger. Risky. What Composer is hinting at.
Also, doing anything as root on a server is bad practice. Exactly for the same reasons - so as not to copy-paste some code from these Internets of yours into the command line in the old fashioned way - and then, as in the FanatPHP comment about the classics .
There must be a separate user that you are connecting with, and he has sudo rights. Use these rights only in extreme cases, when they are really needed.