$Defaultnav is just the beginning. *?readviewentries* can reveal some documents you might be trying to hide with...
a blank $viewtemplatedefault.
Someone pointed the $defaulnav use could allow anyone to query you view names in case you didn't have a $defaultnav view or you don't redirect users querying the $defaultnav of a view to some others page (using a blank $viewtemplatedefault won't help)
Well we $defaultnav you're able to get all the view names, now if you try to display the view directly the $defaultnav will be "triggered" and you'll see nothing, but what you can do to see all public documents is replace the
http://server/db/view?openview by http://server/db/view?readviewentries
This will allow you to see all the precious notesid of all the documents in the view that you were trying to hide.
?readviewentries is a nice feature, but you don't want people to see all your public documents this way.
To prevent I suggest doing the same as for $defaultnav a URL redirect to some other page.
Create and URL redirect for all incoming
*?readviewentries* to somepage.htm