Normal user in "disk" group

[Cross-posted from http://www.mepislovers.org/index.php/topic,4412]
On my MEPIS 6.0 install, my normal user account is in the "disk" group.
This can be seen using:
$ grep disk /etc/group
disk:x:6:user,backup,root,onthego
This gives my normal user account read/write access to /dev/hda:
$ ll --color=none /dev/hda
brw-rw---- 1 root disk 3, 0 2007-02-11 23:39 /dev/hda
Consequently, I can bypass the directory and file permissions by using a package such as lde (Linux Disk Editor) to access data directly from the disk partition.
Isn't this a security hole?
Is membership in the "disk" group necessary so that I can mount/unmount partitions, or do similar stuff, without being root?
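Added example (not part of the original post): a shell audit that lists which non-root accounts belong to a group and which block devices that group can read or write. It goes slightly beyond the `grep` above by also counting accounts whose primary GID is the group. The function names, the `imager` account and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Audit raw-disk access granted through group membership.
# Sample data is constructed, modelled on the output quoted in the post.

SAMPLE_GROUP='root:x:0:
disk:x:6:user,backup,root,onthego
audio:x:29:user'

# "imager" is a hypothetical account whose primary group is disk (GID 6).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user:x:1000:1000::/home/user:/bin/bash
imager:x:1001:6::/home/imager:/bin/sh'

SAMPLE_LS='brw-rw---- 1 root disk 3, 0 2007-02-11 23:39 /dev/hda
brw------- 1 root root 3, 64 2007-02-11 23:39 /dev/hdb
crw-rw---- 1 root audio 14, 3 2007-02-11 23:39 /dev/dsp'

# Print every non-root account in group $1: supplementary members from the
# group-file text ($2) plus accounts whose primary GID matches, taken from
# the passwd-file text ($3).
group_members() {
    gid=$(printf '%s\n' "$2" | awk -F: -v g="$1" '$1 == g { print $3 }')
    {
        printf '%s\n' "$2" | awk -F: -v g="$1" \
            '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        printf '%s\n' "$3" | awk -F: -v gid="$gid" \
            'gid != "" && $4 == gid { print $1 }'
    } | grep -v '^root$' | sort -u
}

# From "ls -l" text ($1), print "device group mode" for each block device
# whose group permission bits allow read or write.
group_accessible_block_devices() {
    printf '%s\n' "$1" |
        awk '/^b/ && substr($1, 5, 2) != "--" { print $NF, $4, $1 }'
}

# Run on the sample data. On a live system, pass "$(getent group)",
# "$(getent passwd)" and "$(ls -l /dev)" instead.
group_members disk "$SAMPLE_GROUP" "$SAMPLE_PASSWD"
group_accessible_block_devices "$SAMPLE_LS"
```

Any account printed by the first function can open every device printed by the second without going through file or directory permissions.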