If I run a shell script under my user account, that shell script has full access to anything my account has access to, UNLESS I'm running SELinux or something like that.
Sigh. Yes, I'll assume you're perfect and never run anything you didn't write yourself.
Edit: Okay, think about it this way - if you're the perfect sysadmin who doesn't run anything bad, how do you go about protecting your not-so-perfect users? How do you protect the server you're tasked to maintain?