Tibor Karaszi warns us to be wary of the securityadmin role:
Over the last week, I’ve seen two discussions where the securityadmin server role was suggested.
The scenario is typically that we don’t want to make this person a sysadmin, but we want this to manage logins and stuff like that.
But Tibor explains why you should watch out—my rule of thumb is to treat securityadmin as just as important as sysadmin. It’s not the same, but someone with securityadmin can do a lot of damage to a server.