I feel like I'm playing devils advocate here ... but I really can't be as I see and manage environments that do it both ways.
What did you do before Microsoft released the updates to store.exe to how it processes the 'Send As' permissions? Surely you weren't stamping attributes manually ... because you didn't have to.
Were you one of the companies that convinced Microsoft to make this change? Heck, maybe, and if this was such a big security concern for you, then this absolutely applies to you, and my view on this is 100% off.
BES's MAPI is tiny only when your user base is tiny ...
In a totally oversimplified look at MAPI:
1000 normal users (using cached Exchange) + 250 BES users = 2000 + effective users (at best)
Remember, all BES MAPI connections are persistent, and you always plan for peak capacity.
When you start seeing disk queue lengths on subsystems with 20 spindles exceed 500 and RPC latency off the wall and "Connection lost to Exchange Server" popups in the task tray you truly realize how much overhead BES adds to a messaging environment that wasn't planned with BES in mind. That said, I love BES.
With regards to AdminSDHolder ... heck, as long as you know what you're doing you're all good ... its just when changes get made because laziness wins and administrative best practices aren't followed ... that I shiver.
Yup, I've rambled a bit ... I just want to drive home the idea that your time might be better spent worrying less on security with this given account and more on performance, or something else ... like will Spider Pig save the world.
Spider Pig, Spider Pig, does whatever Spider Pig does ...