Please point out clearly in the documentation that every active proxy configuration, incl. credentials, user macros, etc. may be completely accessible to everybody with access to the Zabbix server trapper port.

This can be a security issue when people are not aware of that.
Even if it actually should be obvious since no restriction takes place when configuring an active proxy, I think it should be mentioned in the documentation.