As long as content is authored by the administrator of the server, I don't see where there is a security issue.

It's like if you point to your own Apache server in your own domain where you host a scam page and say there's a security issue with Apache because you could do that.

Or are you saying that you can make this person's server serve third-party content?