You may choose to install as root/non-root when installing a package. If you supply your password when prompted, the package is installed system-wide (as root). If you don't supply it, the package is installed into your $HOME/.local directory.
The issue of security wrt root/user is a bit complex. Generally, even if software is installed as root, it can still do whatever it wants inside your /home/user directory. This is because to install as root, it needs root permissions, which include the ability to write anywhere in the filesystem. The same goes for running the program when installed as root. Since you're running it as a user (with user permissions), it can still modify your /home/user directory. So, you gain nothing by installing it as root.
The part that makes installing as user (theoretically) less secure is the ability of a program to modify itself (or its data). Normally, when a program is installed as root, the (non-root) user running the application does not have write access to the program or its files. This (theoretically) prevents the program from silently modifying itself. In practice, it'd be fairly easy to include rogue code in the application which used data from (user-writable) locations. Most desktop applications already have this built in: programs read icons, scripts, themes, and all sorts of other data from $HOME/.[something] all the time.
In general, for typical user cases (NOT servers), the data stored on a computer is much more valuable than the operating system or programs. Reinstalling Ubuntu is a 30 minute process, but getting your data back from backups (if they exist) is much more of a pain. Since programs are always executed with user permissions to modify user files, you gain nothing by installing as root. The best protection here are things like SELinux and AppArmor.
- Taj