I just tested the SSH login of an account that should not have ssh access outside the /home/ directory.
However, it appears it does.
I cannot access the other Virtual Server directory but I can access everything including /etc/webmin/ and so on.
I … feel this is largely insecure
While I cannot view the contents of said files. I certainly don’t want to allow access to other directories.
What do I need to do to restrict this?
What your users are seeing is allowed by the typical UNIX/Linux permissions. You can always change the permissions on files/dirs you don’t want them to be able to see.
Barring that, you might just need to prevent SSH access altogether for some users.