An authenticated user without user administrative permissions could change the administrator Account Name.