I don't want to labour the point - because I think you are on the right track with creating new groups/users in the web interface and regressing rights there - but I just wanted to clarify that the key you talk about for SSH access is the key for THAT user (possibly root) of the SSHD daemon on the DiskStation.
The rights bestowed on that user can be equivalent to the rights of an ordinary user of a Linux operating system if you make the changes I suggest in my other posting (see link above) - who can be denied the rights to run specific programs, access specific folders etc.
Consequently, I was indicating that SSH access was 'safe' - provided it is restricted to user SSH access, not root SSH access.
Different RSA keys for the users are stored in:
/root/.ssh (Specifically for root ssh access)
/volume1/homes/USER/.ssh (for that USER).
Then, when the USER logs in, SSHD checks the user's key against the /volume1/homes/USER/.ssh/id_pub.rsa key and - if accepted - the user logs in at that level with that USER's rights...
Yes - they can cd to other folders but those folders are restricted by the OS and rights to commands like IFCONFIG (say) are restricted. I always CHMOD /root and other users' folders (to stop the access).
Hope that makes it a little clearer why I feel SSH access isn't THAT dangerous... unless you genuinely fear that somebody is going to hack the SSH Daemon (but they could do that even with your current setup <g>).
Hope I have been able to help a little.
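A defensive check of the two conditions this post relies on (root SSH login switched off, home folders closed to other users), as an added example that is not part of the original post. It assumes an OpenSSH-style sshd_config using the `PermitRootLogin` directive and a homes directory laid out like /volume1/homes; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit root SSH login and home-folder permissions.
# Paths are passed in, so the functions can be pointed at a constructed tree.

# Succeeds only if the first PermitRootLogin line in the given sshd_config
# is "no". sshd uses the first value it reads; Match blocks are not evaluated
# here, and only the whitespace-separated "Keyword value" form is parsed.
root_login_disabled() {
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$value" = "no" ]
}

# Prints every directory directly under $1 (and its .ssh, if present) whose
# mode grants anything to group or other, i.e. is looser than 700.
loose_dirs() {
    for home in "$1"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        for dir in "$home" "$home/.ssh"; do
            [ -d "$dir" ] || continue
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ld "$dir" | cut -c5-10)
            [ "$bits" = "------" ] || echo "$dir"
        done
    done
}

# Builds a constructed sample tree: alice is locked down, bob is not.
make_sample() {
    base=$(mktemp -d)
    mkdir -p "$base/homes/alice/.ssh" "$base/homes/bob/.ssh"
    chmod 700 "$base/homes/alice" "$base/homes/alice/.ssh" "$base/homes/bob/.ssh"
    chmod 755 "$base/homes/bob"
    printf '# constructed sample\nPort 22\nPermitRootLogin no\n' > "$base/sshd_config"
    echo "$base"
}

sample=$(make_sample)
if root_login_disabled "$sample/sshd_config"; then
    echo "root SSH login: disabled"
else
    echo "root SSH login: NOT disabled"
fi
echo "directories open to group/other:"
loose_dirs "$sample/homes"
rm -rf "$sample"
```

On a real system, call the two functions with the actual sshd_config path and homes directory instead of the sample tree.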