I just noticed that when setting up repositories, they were created with 'default' which mean if public sign up was on, they were able to see the repos. For the sake of security, a fresh install should default to restricting access to admins, perhaps through a default-created group 'admins'. Anon access should also default to the safe NO option.

Given that access to a repo enables complete tarball dumps, security must take precedence over any initial ease of use...