Description
in 2.6 the auth collections (system.users, system.roles, etc) are protected from being modified directly, as long as auth is enabled.
However, if you restart the node with auth disabled, it's possible to insert/remove/modify the collections which can screw things up. We might want to have a warning somewhere in the auth docs telling people not to do this.