These are the permissions and a brief description of what they do/why they're risky:

1. Edit Read-Only Fields: can edit fields which are 'Read Only' as per Field Level Security or on the Page layout. This behavior is seen if the Profile associated with the User has 'Edit Read Only Fields' selected (source)
2. Manage Login Access Policies: can administer Login Access Policies, which allows them to control whether your users are prompted to grant account access to Salesforce admins, and whether users can grant access to publishers (source)
3. Manage Password Policies: can set org wide password policies (source)
4. Manage Profiles and Permission Sets: can create, edit, and delete profiles and Permission Sets (source)‍
5. Manage Sharing: can use the Sharing Settings page to manage your organization-wide sharing defaults, sharing rules, and other sharing settings (source)