I was playing around today when I noticed that a test user I had set up was fully capable of modifying their shell from /usr/sbin/scponlyc, which jails them to their home directory, to /bin/bash, which allows them to do anything. This is a significant security risk.
All a user has to do is log in and go to Login -> Change user Details, and they are instantly provided a pass to system security.
I felt that this was a significant security risk. If there's some way to prevent this through permissions, it should be documented. If not, then it should have an option to remove it.