The sign-and-submit mode of `submit` should definitely match what we do to `sign`. It’s even more risky since you’re not even looking at the signed result before submitting it!
Also, I like @wilsonianb’s suggestion of making all of them admin-only rather than strictly removing them, because that way:
1. It matches the treatment of `wallet_propose`
2. It doesn’t require changes from those who are using `rippled`’s signing securely using a local server
3. It still prevents the most insecure usage
I would be in favor of still disabling the commandline versions for the reasons described in the commit while leaving the WS / JSON-RPC versions usable on admin commands by default.