DDL operations are currently audited on primaries and secondaries. Unfortunately, the audit hooks for these operations are buried in the execution machinery which is invoked during parallel batch application. This means that synchronous file writes, to the log file, are performed in the critical path of oplog application, potentially impairing the node's ability to keep up with its primary.
We should prevent secondaries from emitting DDL audit events for replicated changes.
Note that we must still record DDL events for local, non-replicated changes. These are DDL operations on the local database, and any collection named system.profile.