It would be nice for there to be an org-level setting to change the default for "Give access to everyone in the organization" of SSAs to false.
This should only affect the default value and would prevent the early exposure of new SSAs to users unwittingly.