I don't think those first two are violated? I'm pretty sure you can make /usr read-only, mount it from a shared source, and nuke /usr/local at will. I do agree that splitting config files by base and not-base means there are two places, but given this particular system design it seems like a bad assumption rather than a bad design.