Static gifs and docs. Perhaps it would have been better to protect them against unauthorized access, but since anyone who wants them can get them by purchasing a cache and we don't view the docs as a profit center, it didn't strike us as a high priority.
I think any security issue is high priority to fix especially if issue has been posted to bugtrack. It hardly inspires confidence that serious security issues will be dealth with in the correct and proper manner.
If we had any secret scripts accessible as disk_objects, this might be a problem. Since we don't, this is merely a clever way to confuse your browser.
This is joke especially since a simple strings of the code base shows there are undocumented code features.
Colin Johnston SA PSINET UK