I just added this to a fresh multi-site installation and noticed that subdomains are apparently able to change the database prefix. They can also see what the current prefix is.
Even worse, it appears as though subdomains can create database backups.
This seems like a pretty big security flaw to me. What am I missing here?