1. NPSADMIN - Default account created by MIP install is installed with SQL Server SYSADMIN rights. It is also installed with a default password that seems to be "proprietary" and cannot be changed. This is a huge security risk. I should never have to have a vendor user on my SQL Server that has SYSADMIN permissions, especially one that I cannot control the password for. This is not secure, nor a best practice.
2. Allow "split" installations. Having to install an application on my database server is again a security issue, as well as not a best practice. The installation of the application portion should be able to be installed on an application server, or any server the customer wants to install it on. I should not be forced to compromise my database server by installing vendor applications.