It's not so much the "add to a workgroup" part as the "remove from a domain" part that's worrisome, since it makes anybody with a login able to create a virtual DOS attack.