Comment 3 for bug 519083

My bad, in fact this is documented:

http://chestofbooks.com/computers/revision-control/subversion-svn/Tunneling-Over-SSH-Serverconfig-svnserve-Sshauth.html

"When running over a tunnel, authorization is primarily controlled by operating system permissions to the repository's database files; it's very much the same as if Harry were accessing the repository directly via a file:// URL"

Would be nice to put some warning in config file and perhaps on connect, same as there is warning about that the password is going to be stored/cached in insecure way.