Forum OpenACS Development: Response to Permissions Hierarchy

Posted by Stephen . on
It is not an error that an admin user can do whatever he or she pleases; it works that way through careful design!  I think the definition of admin could use some tweaking though...

I presume by admin you mean 'user with admin privilege on the root object' (object_id 0).  The permission system is so flexible that you can define your own more limited 'admin' to suit your purposes.  For example you might create tom_read, tom_write privileges for your tom package, and add tom_read and tom_write as a child privilege of tom_admin, and tom_admin as a child privilege of admin. Anyone with tom_admin is the admin for the tom package, nothing else.

Your subsite might use more than one package, so you might decide to create a group 'Tom's Subsite Administrators' and assign the tom_admin, news_admin and bboard_admin privileges to that group. Obviously now you can create subsite admins by adding users to the new group.

There are probably very few users of your system who are site wide administrators, perhaps just yourself, but by making all privileges ultimately a child privilege of admin, and all objects ultimately defer permission checking to object_id 0 (for those that do defer), it's possible to have a site wide administrator (root user).  Of course, you don't have to assign that privilege to anyone if you don't want to.

Sure, if you have to do it you have to do it (you've tested it and it's too slow?), but by breaking the abstractions the permission system provides you increase the chance of introducing subtle bugs.
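
The scheme described in the post above, as an added example that is not part of the original post and is not OpenACS code: a simplified Python model of a check that walks both the privilege hierarchy and the chain of objects deferring to object_id 0. The object names, user names, group key and `has_permission` are assumptions made for illustration, as is granting the group's privileges on a subsite object.

```python
# Simplified model of the post's scheme; names and data are constructed.
ROOT = 0  # the root object (object_id 0 in the post)

# child privilege -> parent privileges that imply it
PARENTS = {
    "tom_read": {"tom_admin"}, "tom_write": {"tom_admin"},
    "tom_admin": {"admin"}, "news_admin": {"admin"}, "bboard_admin": {"admin"},
}
# object -> object it defers permission checks to
CONTEXT = {"tom_pkg": "subsite", "news_pkg": "subsite",
           "subsite": ROOT, "other_pkg": ROOT}
GROUPS = {"toms_subsite_admins": {"alice"}}
# (party, privilege, object) grants; a party is a user or a group
GRANTS = frozenset({
    ("toms_subsite_admins", "tom_admin", "subsite"),
    ("toms_subsite_admins", "news_admin", "subsite"),
    ("toms_subsite_admins", "bboard_admin", "subsite"),
    ("root_user", "admin", ROOT),
})

def implying(privilege):
    """Return the privilege plus every ancestor privilege that implies it."""
    seen, stack = set(), [privilege]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(PARENTS.get(p, ()))
    return seen

def parties(user):
    """Return the user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def has_permission(user, privilege, obj, grants=GRANTS):
    """Check obj, then each object it defers to, ending at ROOT."""
    privs, who = implying(privilege), parties(user)
    while True:
        if any((p, pr, obj) in grants for p in who for pr in privs):
            return True
        if obj not in CONTEXT:  # ROOT, or an object that does not defer
            return False
        obj = CONTEXT[obj]

if __name__ == "__main__":
    for user in ("alice", "root_user"):
        for obj in ("tom_pkg", "other_pkg"):
            print(user, "tom_write", obj, has_permission(user, "tom_write", obj))
```

Passing a grant set without the `admin` grant on `ROOT` models the post's last point in that paragraph: with nobody holding that privilege, there is no root user.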