You can view the permissions that an organizational Admin can have in the contents of this Knowledge Base article: https://solutions.teamdynamix.com/TDClient/KB/ArticleDet?ID=3727
An admin can have any combination of those permissions, and you certainly can elect not to allow them to add other users as organizational administrators.
You are correct that there is no way to restrict an Admin from modifying the applications that they or others have access to. This is an inherent permission of an Admin, and cannot be removed. Only the permissions listed in the article I provided can be given or restricted for an organizational Admin.
This may have been requested in the past, but you might submit an enhancement request to suggest that KB article imports be allowed by non-administrators. If this request already exists, we will add yours to it and provide you with any updates to the request that might occur.
Let me know if you have any further questions about adding users as BE Admins.