Prehaps it might be good to help here with why your people would reject SA38. Every transaction code automatically is security checked to see that the user has authorization to that tcode. So to finance transactions, you would likely need a finance role to have authorization the their reports. Same for HR and so on. Behind almost every tcode, however is a program being called. If you call that program through SA38, then the transaction code security check (except for that of SA38 its self) is bypassed.
If you give SA38 to a wide range of users, you have also given them special access that they likely shouldn't have.
Now you can put authorization checks inside of the report its self and it is wise to do so. There are many ways to call transactions and that guarantees the checks are done. However imagine trying to go into every standard report and add this kind of security. It is not possible.
Hope this helps,
Neal