This might not work with all build commands, but it could be really dangerous since you could execute something like cat ~/.cargo/credentials in your build commands and obtain your token in crates.io. (or even worse, your ssh keys is affected in a similar way.)
We should really take care if we run a sandbox.
IMHO, run build as nobody is safer, we may fail, but privates never leaks.
I don't know about IDEA, but unfortunately rust-analyzer does not really supports untrusted workspaces in VSCode because cargo can run any code and we need to invoke it to obtain the crate graph
I consider malware grabbing ~/.cargo/credentials a big risk. There is an RFC that proposes to obfuscate the process a little bit, although even the proposed solution is still insecure, because anyone can ask the credential helper for the credentials:
Credential helpers can potentially talk to hardware tokens (I have been meaning to investigate doing something with the yubikey crate I wrote in this regard), which can at least make them less of a credential oracle by requiring a manual step such as entering a PIN and/or pushing a physical button on the token.
That won't prevent malware from talking to the credential helper, but it will require user participation in order to obtain a credential, which is better than nothing.
