Our concern is mainly that in this setup, someone with knowledge of the cluster location could run arbitrary code with potentially elevated account authorizations.
Granted - this would be an easy way to get fired! - but ideally there could be some form of user/pwd that could be used to lock down access to the cluster. If there were a way to extend the request pipeline or inject custom logic at the head node we would, but from my understanding this doesn’t exist. For some enterprise customers this would actually be a deal-breaker in terms of adoption.