Right now users have no way to filter/log what permissions are being created. An attacker could be using the TURN server as a bastion box into NAT.

https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/