keosd security concerns

From: https://cpp.cs.cloud.vt.edu/blockchain/eosio/eosio

  • Running in a shared Unix environment. The EOSIO software stack as available for download does not appear to be designed for use in a multi-user Unix/Linux environment, at least not for use in a production environment. For instance, the build chain (eosio-cpp) does not support multiple users because it does not separate the names of files when compiling (e.g. /tmp/filename.cpp.o when compiling filename.cpp), which would make it vulnerable to TOCTOU attacks in shared environments.

    More importantly, the cleos tool communicates with the keosd background program through a Unix socket whose permissions allow anyone in the same Unix group as the current user to access a user's unlocked wallet, thus giving the ability to sign transactions for any accounts for which a user holds keys in their wallet.
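A way to audit the socket exposure described above (an added example, not code from the quoted page or from EOSIO): it reports whether the mode bits on a Unix socket and on every directory above it let the owner's group or other users connect. The default path `~/eosio-wallet/keosd.sock` is an assumption; pass the actual socket path as the first argument.

```python
import os
import stat
import sys

# Permission bits per class: (write on the socket, search on each directory).
CLASSES = {"group": (stat.S_IWGRP, stat.S_IXGRP),
           "other": (stat.S_IWOTH, stat.S_IXOTH)}

def blocking_dirs(path, search_bit):
    """Directories above `path` that lack `search_bit` and so block traversal."""
    blockers = []
    d = os.path.dirname(os.path.realpath(path))
    while True:
        if not os.stat(d).st_mode & search_bit:
            blockers.append(d)
        parent = os.path.dirname(d)
        if parent == d:          # reached the filesystem root
            return blockers
        d = parent

def socket_exposure(sock_path):
    """Map each class to True if mode bits let it connect() to the socket.

    connect() on a Unix socket needs write permission on the socket inode and
    search permission on every directory leading to it. Only classic mode bits
    are examined; ACLs and differing group ownership along the path are not.
    """
    mode = os.stat(sock_path).st_mode
    if not stat.S_ISSOCK(mode):
        raise ValueError(f"{sock_path} is not a Unix socket")
    return {name: bool(mode & w) and not blocking_dirs(sock_path, x)
            for name, (w, x) in CLASSES.items()}

if __name__ == "__main__":
    # Assumed default location; pass the real socket path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser(
        "~/eosio-wallet/keosd.sock")
    for name, exposed in socket_exposure(path).items():
        print(f"{name}: {'CAN connect' if exposed else 'blocked'}")
```

If the report shows the group can connect, setting the directory that holds the socket to mode 0700 removes search permission for everyone but the owner, which blocks the connection regardless of the socket's own mode.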