Because passtokens bypass the normal security mechanism that establishes a user's identity, they can pose a security risk if an unprivileged user is allowed to create passtokens for other users.
Consequently, ESF Manager can be configured to disallow the generation or use of passtokens, or both; this affects any security domain (Enterprise Server server/region, or MFDS) using that security configuration. Also, ESM Modules that implement passtokens will often provide additional controls. For example, the MLDAP ESM Module lets you specify for each user whether that user can generate passtokens for itself, for any user, or not at all; and whether that user can be signed on using a passtoken.