$wgWhitelistRead allows actions other than reading for a page. This can leak account names on wikis where they're supposed to be private: http://arbcom.en.wikipedia.org/w/index.php?title=Main_Page&action=history
http://en.wikipedia.org/w/index.php?title=User_talk:Kirill_Lokshin&oldid=463197526#Quick_question
Also, something weird is going on here:
http://arbcom.en.wikipedia.org/wiki/Main_Page
http://arbcom.en.wikipedia.org/w/index.php?title=Main_Page
Version: unspecified
Severity: enhancement