Comment 2 for bug 586634

seems to be directly exposed to network; feels like a good thing for kees to review.

Given that it previously was not protected other than through firewall, we should check that the package default configuration is safe now, imho; but Kees' call.