Look, it's obvious that you shouldn't log on as root and peruse the net, downloading "warez" and executing arbitrary code. If you did, there's about a one in a million chance that you might accidentally download some 1k Applescript "virus" that some 12 year old wrote, confuse it with a 50 meg fetish video of Cameron Diaz, run it and delete your home directory.
But being *online* as root, ie connected to the internet, is no different (to the remote viewer) than being online as any other user. Even assuming you have vulnerable services running on your system (which is 100% possible now that the AFP exploit is in the wild, and there are plenty of people who decide to turn off Automatic Software Update because they don't know what it is and don't like the sound of it), it would make no difference to the remote observer how *you* were logged in. *sigh* I'm tired of arguing this point. You win, fine, don't be online as root.