When I install a program using Discover, I am never asked for a password. When I uninstall a program I am asked for a password. Apparently uninstalling from hard disk is more dangerous than installing from the net. The general idea about Linux and safety is that writing to system disk can only be done when the correct password is given. Now I can do without. Please say this is a bug and not a feature because that would undermine everything safety related.
This is a PackageKit policy, if you think it should report to your distribution. Note you'll get the same behaviour if you run "pkcon install pkgname".