This collection of issues are all related. These scripts are all available under the /admin/ folder, and are therefore related. This folder is secured using HTTP auth, and always has been (contrary to the speculation that it is not secured). GBOTD #4 identifies a bit of code that shows we left admin views to APC open to anyone that was able to successfully access the /admin/ folder hierarchy. The other two issues were scripts added as conveniences and were removed. The best kind of fix.
UPDATED to include more recent issues reported under Admin. Issue #8, #9, #10 and #11 are non-issues in that the code is not in production (much of what is listed in these reports was moved to an external project nearly a year ago). The code has been removed from the project trunk as part of housekeeping.
All of the following are resolved:
