Potential security concern?

The Role and Grant can reference resources/secrets in other namespaces. It may create a pathway for namespace-scoped users to access their unauthorized namespaces? Perhaps we need Webhook/CEL for authorization