I was training my team on setting up metrics, models and data sources, and I had to emphasise and repeat the instruction to not share objects with "All Users". This is because we have partners using our instance, so we use groups to control access. I then realised that this is a security flaw rather than a training issue.
My suggestion is to add an option in security settings to disable the ability to select "All Users" for access control.
I know this probably won't get as many votes as core functionality suggestions, but I hope you consider this important anyway as security features are usually more desired after something has gone wrong than before it has.