$wgWhitelistRead allows actions other than reading for a page. This can leak account names on wikis where they're supposed to be private: https://arbcom-en.wikipedia.org/w/index.php?title=Main_Page&diff=next&oldid=31803
Original description:
http://en.wikipedia.org/w/index.php?title=User_talk:Kirill_Lokshin&oldid=463197526#Quick_question
Also, something weird is going on here:
http://arbcom.en.wikipedia.org/wiki/Main_Page
http://arbcom.en.wikipedia.org/w/index.php?title=Main_Page