phranque - 9:11 am on Sep 28, 2012 (gmt 0)

it doesn't really matter how the url was discovered.
"security through obscurity" is not a sound strategy.
if you want to forbid access or require credentials for access to a resource then you must send the appropriate response.

bing won't hear you whining when they accidentally stumble upon your secret path and get a 200 OK upon request.
=8)