The root account has the most privilege/access of any account, and should only be used when absolutely necessary. Programmatic access keys indicate regular and possibly unsupervised use. If programmatic access is needed for the root account for a specific use case, a key should be provisioned, the action carried out, then the key removed. All regular use should be delegated to lower privilege accounts.