OK, well I agree that as opening up the security hole is a conscious decision for the admin - and is therefore the admin's own lookout!
I also agree that limiting the toolkit based on some kind of arbitrary notion of what constitutes an acceptable level security policy is not a good idea (because everyone's needs are different). In fact we should probably have a general set of guiding principles for OpenACS security for just that purpose. But I really don't think that we should actively encourage poor security.
As I have said before - just because something appears convenient, it doesn't necessarily mean that it is a good idea! Also there is little that can be less convenient than a compromised or crippled service. 😊
My own feeling is that as this is a desireable feature, if we could only devise a more secure way of doing it and agree on that, we would enhance the toolkit whilst mitigating this unhappy tradeoff between utility and security.
I vote that we thrash out some solutions to the security issues and try to make this work in a more robust and more secure fashion.