I have to disagree, the fact that it is easier for one OU use case does not mean it is better for everybody all the time. We have role based system, I think we should use it for as much as possible.
I believe simple use cases are more important:.
1. Admins wants to prevent creation of new forums because site migrated to forumng - admin changes role definitions of editing teacher role and removes mod/forum:addinstance from all roles
2. Admin wants to enable contrib hotpots in English language category only - remove mod/hotpot:addinstance from editing teacher role, override capability at one category only.
3. Admin wants to allow different roles to add different activities - course authors can add resources, tutors may add only assignments.
I believe that the capability based system gives us more flexibility. It may be a bit harder to set-up in some cases, but I think this functionality is not used every day/week and it should not matter much if admin spends 1 minute or 5 minutes setting it up.
Role based solution:
+ less admin config clutter, less course settings clutter (tiny fraction of sites is using this, right?)
+ much easier implementation and future maintenance
+ more flexibility in unusual scenarios
Benefits of Tim's proposal
+ faster to set up in some scenarios
+ it is similar to Moodle 1.6