[rdiff-backup-users] Prevent rdiff-backup from deleting?

[Grant]

I'm using rdiff-backup in an automated "push" arrangement with access
to the backup server provided via SSH keys and restricted to the
rdiff-backup command like command="rdiff-backup --server".  I think an
infiltrator could delete a compromised machine's backups from the
backup server like this:

rdiff-backup --remove-older-than 1s address@hidden::/path/to/backup

Is there any way to prevent something like that from happening?

- Grant