Excellent article and I noticed this on your blog recently and was concerned.

It seems like this is a bug since essentially the securityadmin role now has no real meaning. You might as well be a sysadmin or not have this at all.

I would love to see a server level role that allowed someone to add a login, and a user for a specific database (s) only. That's the type of permissions that I often want to hand over to another person.