I think the problem is with changing how permission is granted when "things happen". That is when a new class instance is created certain packages are mounted and privileges are granted based on the built in roles. If new roles are created, would you want to change the default behavior when new packages are mounted, or when new objects are created? If you are actually creating new roles and not just renaming the existing ones, this is the issue.
I have been thinking about this for a project I am working on, and I haven't come up with a solution. Ideally you would want all of these things to be configurable. But then I think there would need to be a way to configure what roles would get which permissions on package install and object cretion of package objects.
I think adding this flexibility would be very useful for dotLRN and for dotWRK also, and generally for OpenACS.