As @nrobinson2000 mentioned, the GPIO access is done by direct memory writes to the GPIO registers, which can only be done by root.
Process::run can run commands as other users by doing Process::run("sudo -u pi my_command"). This would prevent accidentally running commands that affect the system. This can be added to the docs, or this behavior could be the default, unless someone does Process::run_sudo() maybe. What do you think?