Hi @Elie Attieh
From the link you shared, I deduce that audit permissions were granted to the specified Principal member within the set of "Everyone" and the object was "Everyone" for which all its members could be audited by the principal. I therefore do not think the specified approach is risky.