We have covered quite a few topics in this chapter, from giving your users almost full control over their individual blogs to locking the network down so that users have very few powers beyond making posts and moderating comments.
Which route you take depends on who your target audience is, how powerful your server is, how concerned you are about security, and the business plan you have for your site.
It may be safe, in a small workplace environment, to allow all your employees to edit the PHP code of your themes because you trust them not to abuse the privilege. Doing the same on a public blog network is almost as risky as posting the FTP details for the web site on a hacker's forum!
Allowing users to copy themes and edit stylesheets is less risky, but there are still some dangers to consider—CSS files can be used for XSS (Cross Site Scripting) attacks. Also, imagine that you have 1000 users and they all copied over 20 themes to their personal blog folders. You would...