They don't have any admin/moderator privileges yet. But they wish to have permission to work on a separate isolated installation of XenForo for testing purposes. Furthermore, we do NOT have the budget (or literally any budget at all) to hire a sec. consultant. And that's OK. I don't expect anyone to harden my server for free at all. But I do need to know...
Is there a high risk?