I've just recently tested out forms, and realized they can be a significant security hole. Any Guest with edit access can make a Form that publicly shares my full user list ("People" custom field) or any custom tag or dropdown list. Tools like dedigger.com are making it easy to find publicly posted data like this.

Since I can't possible know of all the Forms my users and guests are making across my entire system, there is no way I can secure my user list or my custom field data.

As an Admin, I need to be able disable Forms altogether, until such time you support private Forms and I can just disable public Forms.