The second advantage is that by default as the normal user doesn't have root permission, viruses and trojans just can't work, unlike in Windows where every user has at least some root permissions by default. I know you can set an admin password, but since this is a bolt on it is easy to get round it.
This is possible in Windows as well (and in Apple's operating systems), but as far as I know, the common way in mobile devices (where the OS is minimal) is to use an admin account. For example in the first versions (I'm not sure if it was fixed thereafter, hopefully was) of Apple's iPhone the used user account was admin account, which in the tests proved relatively easy to break in (Safari with administrative privileges caused trouble, for example). So it's not enough if the desktop
versions of the OS have non-admin/root account used by default, or if the OS provides or encourages the use of non-admin/root accounts; in mobile devices it's just often the easiest way (least disturbance for the end-user who is not interested in user accounts, but in getting the tasks done) to use a high-privileged admin account, than for example ask the user some passwords all the time. Especially true in mobile phones.