Right now, there are no fine controls of what a member, specifically a client, has access to. If you give a client access to a site, they have full access to disable the firewall, disable/enable cacheing, etc.
Would be helpful if, at least for client members, we could control exactly which tabs (settings, backups, domains, etc.) and further, which settings they have access to (change site ownership, change php version, ssl, etc)
This is definitely planned. We'll be making everything a lot more fine grained with respect to Teams. Thanks Justin!