This is the rationale provided by @GG_jr that seems reasonable
samba-audit could also plug its configuration to provide audit logs about home$ (ab)use too…