If target is compromised, a malicious user can run arbitrary commands through rsync.
I agree this is an issue, the best solution I have found is Push Mirroring with this the command that can be run is put in the ssh public key and then the compromised client can only run this specific command.
RedHat is opening up the development process via Fedora and this is a great thing.
The exchange value of a Fedora CD set is basically the cost of producing and shipping them, there is some money to be made there but not much.
I think this is why RedHat are concentrating on selling services to businesses.