"/publish" can be executed from command blocks

The (awesome) new version of the /publish command can be run from command blocks.
As useful as this might be in some cases, it seems like a potential security issue as it could be used to make players involuntary opening worlds to lan.

Potential ways would be to give a one-click-command, a function file, a structure file or a world download to a player where the publish command is hidden.
The world could then reopen on a given port each time it is loaded.

I can't think of a really bad end-of-the-world-style scenario, but it's something to consider.