Just as OpenSSH warns if you have insecure permissions on your keys, I'd suggest that OpenSSH should warn if you have an insecure setting of ForwardAgent: if you have a global "yes" or a Host * "yes", OpenSSH could warn and suggest a more host-specific setting. For an example of how widespread this unsafe setting is: https://github.com/search?utf8=%E2%9C%93&q=ForwardAgent&type=Code&ref=searchresults
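One way to run the proposed check over an ssh_config file today, as an added example that is not part of the original post or of OpenSSH: it flags `ForwardAgent yes` set before any `Host`/`Match` block, under a `Host *` with no negated pattern, or under `Match all`. The function name and the sample config are constructed for illustration; `Include` files and other `Match` criteria are not evaluated.

```python
import re
import shlex

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")

# Constructed sample config, not taken from any real system.
SAMPLE = """\
# constructed sample
ForwardAgent yes

Host bastion.example.com
    ForwardAgent yes

Host *
    ForwardAgent=yes

Host *.internal
    ForwardAgent no

Match all
    forwardagent yes
"""

def find_broad_forward_agent(config_text):
    """Return (line_number, scope) for each 'ForwardAgent yes' that applies to every host."""
    findings = []
    scope, broad = "global", True  # options before the first Host/Match apply to all hosts
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(raw.strip())
        if not m:  # blank line, comment, or keyword with no argument
            continue
        keyword = m.group(1).lower()
        try:
            args = shlex.split(m.group(2))  # honours quoted arguments
        except ValueError:
            args = m.group(2).split()
        if not args:
            continue
        if keyword == "host":
            scope = "Host " + " ".join(args)
            # A bare "*" matches everything unless a negated pattern narrows it.
            broad = "*" in args and not any(a.startswith("!") for a in args)
        elif keyword == "match":
            scope = "Match " + " ".join(args)
            broad = [a.lower() for a in args] == ["all"]
        elif keyword == "forwardagent" and broad and args[0].lower() == "yes":
            findings.append((lineno, scope))
    return findings

if __name__ == "__main__":
    for lineno, scope in find_broad_forward_agent(SAMPLE):
        print(f"line {lineno}: ForwardAgent yes in '{scope}' scope; prefer a host-specific setting")
```

To check a real file, pass its contents instead of `SAMPLE`, for example the text of `~/.ssh/config`.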