Besides the listed examples from the article, what would be the impact for normal to even hobbyist root users? It seems like this is a good idea to prevent modification of legit certs and allowing certs to be updated remotely.

As touched on above: if you’re configuring your own system CA certificates on Android right now for debugging, reverse engineering, testing or research, that option is going away in Android 14, and presumably all future versions too.