To expand on the earlier BIOS. analogy, let's focus it on the eeprom chip. We know by its name it is designed to be electrically eraseable & programable to keep the PC's POST & bootstrap code accessible. It is writeable media that can be made unusable in certain events.
Since BIOS eeprom useability depends on a correct set of firmware code, when some inappropriate code is inserted (like a scrambled power on password or some other damaged code), recovery options can be limited, often requiring specialzed single-purpose hardware to regain access. A "bad flash" where voltage is mishandled forms the bridge between software & hardware damage here.
The POSTing & bootstrapping in Android passes from CPU to nand flash media with generally similar dependencies & vulnerabilities to PC BIOS firmware. Namely, nand must present to the cpu a read/writeable partition containing the undamaged bootloader ready for execution.
It was correctly stated that rooting only enables the superuser and adds a binary. Just like with the PC the stakes are much higher when flashing is the method involved. I guess any true danger of bricking is not in the security changes rooting applies, but relates more to the risks & requirements of safe flashing in the process used.