I don't think there's currently any “official” way to do this, but perhaps you could come up with something creative. For instance, use an “execute microflow as user” action to retrieve something that the user does not have access to when production security is turned on, and then check whether the list is empty or not to determine whether or not security is turned on. It's not foolproof and it's not elegant, but it might be a workaround until you find something better.