Well, of course it is potentially unsafe - it links two different account tokens together! Now you can't tell which account has control of a resource.
This setting certainly would not be acceptable in an environment subject to SOX, HIPAA, PCI, or similar security requirements.
Glenn
_________________________
Actually I
am a Rocket Scientist!
