
I hope the /root/ refers to the site's root directory and not root user's home directory.

At least this confirms that it's actually running socketstream...



Probably not a good idea to run NodeJS as root.


Why not... It's an age-old concept, one I've enforced over decades, but seriously..... nowadays, once you are in, you are in, and systems (at least the ones I've put together in recent years, I can only assume the same of others) are very regularly refreshed from scratch from servers that can't be reached from the public facing stuff. (So even if you manage to find that one old php server and find some bug and drop some php thingy on it, it's going to get squished in 30 seconds, give or take, as regular housekeeping takes place. If you managed to actually focus on the attack and go deeper, it might take longer - but root or no root, the damage you can do is the same either way, and limited the same either way.)

EDIT: For the record - I still follow this practice, I'm just debating its relevance these days. Things change, right?



