While there are multiple threats a modern Magento application faces, one of the weakest points from a security standpoint is the ability to run arbitrary commands without application-level authentication via the command line. It seems to me the bin/magento command should require a user to be authenticated with the Magento application prior to execution of a command on a fully installed system. Whether that is achieved via user/pass or another method is up for discussion, as long as the CLI is treated similarly to the web from an authentication point of view.
I understand that there are many ways to discount the need for such a feature, but given the power of the bin/magento command (and n98-magerun2) it seems prudent to authenticate (and log) actions.
This might be enforced at the framework / API level in order to help shell / CLI commands and n98-magerun inherit the same security stance.
Adding additional devdocs / publishing best practices on security-hardening a Magento installation would also be nice to see.
Thank you for listening,
Hardy Johnson
Technical Lead
Copious, Inc.
hardyj@copiousinc.com