Currently, the endpoint ContactAdministrators /secure/ContactAdministrators.jspa is public and can be accessed anonymously by anyone.

Admins can only turn off the Form entirely, and having it on can lead to users exploiting this feature to send unfriendly emails to the admin staff.

It would be good to have the ability to lock this functionality to logged-in users only.