Comment 3 for bug 1208430

Reducing the security implications of running MongoDB is an important thing for us to do. It's not quite critical, because nobody is asking for it directly now, and the risk is still somewhat limited. But there is a risk, and I think the general policy of treating even security -- even relatively lower risk stuff -- as important is a good habit of mind for us.

We are going to be at the center of a lot of important developments. On the other hand once you can control the MongoDB server, your opportunities for privilege escalation on hosts in that environment are probably greater in other directions.