Is it safe to publish an EC2 security group?

view full story

http://serverfault.com – Is it safe to publish the security group you're launching machines on? i.e. "my box is on sg-abcdef" Are there any permissions that control who is allowed to join your SG? Worst case, it seems like a malicious user could start an arbitrary instance, join your SG, then send TCP traffic to ports inside your firewall. Is this correct? Are there other potentially bad things can a malicious user do? (HowTos)