Hi Loïc,
Do you mean you use "only_db" to skip to stuffs to get the table list? You don't rely on this feature as a way to define access rights to your MySQL server, isn't it?
No, rights are for mysql, no doubts in my head ;-)
BUT, 1) in advanced auth, 'only_db' can be an array of db so if rights are correctly set and 'only_db' too : I'm not sure I'm getting the problem ?! 2) much more important : in virtual hosting, you can't change mysql parameters : it's not advanced auth but the 'only_db' feature is really important in real life use of Pma in such environments.
Advanced auth is getting really a difficult problem (bookmark, only db ...) : maybe the config.inc.php3 should be split in two with a config_multi-user.inc.php3 much cleaner, maybe smarter and easy to administer.
Alain.