Maybe I'm not thinking right, but long-term is there any reason why we
should require privilege in order to do step 3, so long as the user has
read access to the source and write access to the destination?
I don't think there is. Other than this glitch. That's a powerful
reason to fix the glitch.
The other argument is that, frankly, I think most people are still
either unaware of, or confused by, mount propagation. Letting root
shoot himself in the foot is reasonable only to a point.
If the user or admin can simply (I haven't tested)
    mount --bind --make-rslave -o user=hallyn /mnt \
then returning -EPERM if --make-rslave was not provided is reasonable