No, it does't. A member of the sysadmin Role can simply enable it.

You're conflating multiple issues. There is a difference between trusting someone to do all operations within the scope of the database engine, e.g. see all data in all tables within all databases, and trusting someone to do all operations on the server on which SQL Server is hosted, e.g. have access to xp_cmdshell to reach a cmd-shell command line on the host server.