In regards to the securityadmin role, doesn't this bring the issue of granting that user the ability the alter/remove any login from the system. I'm facing the similiar issue where a developer wants to permission rights to create logins on the server.