yes your are right. The original idea it is to have a centrized control panel on the main site where each customer can access only its site manager with its own account data. In this situation the editor is always on the main domain and I will save any edited text to a database.

 

I don't think there is a problem of security in this way.