This is absolutely a security issue. Let us consider this scenario. Site-A gets 50,000 unique hits a day. User-B makes Site-B and maps Site-A's domain and then plasters spam, porn, and affiliate crap everywhere. Site-A's domain name has been compromised in this scenario. Let's also imagine you fix that one scenario. User-B maps a subdomain of Site-A on his blog and now has http://free.Site-A.com pointing to his blog. In both cases Site-A's domain name has been compromised by an unauthorized user.
If you think one user jacking another users domain name is not a security issue, I think you need to think again.
This plugin desperately needs the following:
1.) Check to see if domain is mapped elsewhere.
2.) Have a back end option checkbox that allows super admins to approve domain mappings that are submitted by a user.
3.) A checkbox in the back end that allows or disallows users to map SUBDOMAINS of an already mapped domain. I.E if UserA only has http://SiteA.com mapped then UserB cannot map http://www.SiteA.com