Obviously if an admin account gets hacked you are in serious trouble. They are seen as an obvious target by people trying to protect systems. So much so that other accounts don't get the TLC they should have. It is quite possible for a legitimate user account (who is not an administrator) carrying out legitimate tasks through legitimate applications to make mistakes that can damage data and require a restore. Ergo a malicious user gaining access to that account can wreak havoc.
Secure administrator build workstations/laptops do need careful design in conjunction with the people who will actually be using those workstations. Otherwise using those workstations will be like being asked to carry out a sprint in hobnail boots with the nails on the inside of the boot.
I know why copy/paste is disabled, I just wish someone would think "what role does the password manager play in this" before doing so. Again, it is easy to look at DBAs as the weak link in the security chain. In my experience DBAs are temperamentally cautious and fiercely protective of the data they are entrusted with. It is the finance departments that are a menace with regard to copy/pasting data into spreadsheets and emailing it around.