Basically, if you failed to login, anonymous users can get very minor data. Not important, but I once had it set up (RAWR 0.12) where it would just say "401 Unauthorized" on a failed login. Pretty sure it was just some code under the [unauthorized] line.
Anyone have an idea, or an alternate way to hide this info?