when disabling the login (i assume by setting $enable_authentication = 0;) are you then also exposing the information in the database to be changed simply by going to to /admin.php?
e.g. will 'public' users be able to manipulate the records and settings?
I'm trying to protect the data - but...