...and how many people have found it and not said anything? we've all used poorly secured admins here and there, but /admin seems particularly egregious.
As we know, hackers regularly turn random door knobs to see which doors open. Logs i can see show more black hat attempts than white hat, so either OldGregg's friend got lucky or a few exploits might have already been made.