It'd be handy to be able to kiosk restrict suspend, hibernate, restart, poweroff access (much like we can already control logout access). My specific, fairly non-standard use case, is preventing live session ISO users from hibernating or suspending the live system as that is not particularly useful and may have unintended side effects (e.g. unlocking the session may proof tricky as the user doesn't actually know the password). This may however also have obvious uses in actual KIOSK scenarios where the user may technically be able to initiate a power action, but disabling the functionality on a KDE-tech level might be enough to not have this cause any trouble.
There's PolicyKit which can do this and is used everywhere. Adding a KIOSK check there would make things more complicated and add yet another variable to the "why cannot I do X" question.