Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?