Currently, the cookbook uses the same configuration for connecting to ZooKeeper when run as either a client or a service. This could allow bypassing access controls. These should be split into two separate configurations and set accordingly.
Merged to both cookbooks. This will be released in the next version of each.