As per summary. The users get to see commands that they should not run at all.
xfsdump could be run on regular files ... but in general, it's supposed to be an admin utility what utilities are you talking about exactly ? some of them are fine for non-root users (like xfs_estimate)
get back to me ... i'd also point out, upstream creates those symlinks in the bin dir on purpose ...
xfsdump can be run by any user in the 'disk' group, which encompasses most backup tools. (Amanda for example can run without root access if you use dump/xfsdump for backups).