Bamboo's current security model is insufficient for segregating development teams working on different security projects. Currently project A can be made to build on project B's build agent and a rogue developer in project A could use a modified build script to collect project B's source code from the agent's working copy.
The option of deleting working copies after each build relies on manual (and therefore error prone) procedures and incurs significant performance overheads.
I suggest providing an administrative function to dedicate build agents to specific projects which has the effect that the dedicated project is then only built on those dedicated agents, and no other project can be built on them.