Hi David,
Well in an ideal world this would be true, but as you say even you leave a remote possibility. But with your bastion I am sure an attacker would not have full admin rights of course. I too think this is not an everyday routine, but there could be additional circumstances (side-contacts) that could make it possible. I read this info in an another security forum, so I just wanted to pass it through. When there is smoke, then there is fire, and people do not make these things up, when it is 100% bogus. Maybe there are people who can relate to this, allthough it is unlikely they like to admit it. (One case I know about for sure). You know James Bond's famous saying: "Never say never".
greets,
polonus