chroot jail or improved security for Shell access
When users require shell access (for example, they need to use shell tools for deployment of web apps, like composer, npm, git, artisan), it can be granted to them. However, once they have this access they are able to walk about the whole server, reading sensitive information such as the content of all other vsites.
Add the ability to prevent them from moving out of their own vsite dir, OR, dramatically tighten the security of sensitive files so there is no longer a global read flag set on pretty much everything.