Security Fail!

Useless because there is no actual security on the files! The option for who can see it only affects the display in the WP navigation, the files themselves are completely unprotected and open to the world! Hilariously, hitting the root files URL gives a 403 instead of showing you a file browser despite being authenticated. So it’s a double fail when it comes to permissions. Highly unfortunate, it’s a great UI if it was actually functional from a security standpoint.