1. postgres would have a sane default pg_hba disallowing remote superuser access.
2. postgres would not be running as root.
3. postgres would not have a default superuser password, as it uses peer authentication by default.
4. If ran on a redhat-derived distro, postgres would be a subject to selinux restrictions.
And yes, all of these can be circumvented by an incompetent admin.