A Super User has a lot of power and with it comes a lot of responsibility. The goal of this issue is to create a new config setting eg.
secure_mode that is disabled by default. When enabled it will limit some of the powers of Super Users.
In particular it will prevent:
Possibly there are other insecure items that a Super User could do that we want to limit in the secure mode?