Here is a proposed patch for the issue discussed in
<http://archives.postgresql.org/pgsql-hackers/2012-07/msg00569.php>:
I'd propose getting rid of lanplistrusted, at least for access
checking. Instead, just don't install USAGE privileges by
default for those languages.
The reason is that there is value in having a role that can
deploy
schemas, possibly containing functions in untrusted languages,
without having to be a full superuser. Just like you can have a
user that can create roles without being a superuser.
It turned out that actually getting rid of lanpltrusted would be too
invasive, especially because some language handlers use it to determine
their own behavior.
So instead the lanpltrusted attribute now just determined what the
default privileges of the language are, and all the checks the require
superuserness to do anything with untrusted languages are removed.