PSA - Make sure your client isn't open to the PUBLIC

We've been getting reports of a bunch of MAM users with clients wide open on the web, with no access control to prevent anyone who discovers the client from taking it over.
Clients left open this way risk people using them to download things without permission, taking the files that have already been downloaded, or even running code on your server itself.
Some of these clients are also running as root on Linux, which means this opening to Remote Code Execution can be used to completely take over the system in question (not just the client or the user account the client is running as).
These security issues don't just put the specific user at risk, but everyone on the site, as it's a gateway to getting more peer info (via the client).

Everyone should verify that either all remote interfaces are turned off (for clients you only access locally) or appropriate measures to limit access are in place.
The bare minimum is setting a secure and complex password on the remote interfaces, but this alone isn't ideal, as some have no means to ban on repeated failures, which leaves them open to brute forcing.
Better security measures will depend on the client and your setup, but can include limiting the source IP or range (if you always access from the same place), securing web interfaces with SSL client certificates, or setting up something like Fail2Ban to block IPs on failures.

TL;DR
Users with insecure clients are putting themselves and us at risk.
We're also sending messages to users as we get notified that their clients are open, but it's best you check first.
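One way to start the check described above, as an added example that is not part of the original post: this Python script classifies the listening TCP sockets on your own Linux host by bind address, so you can see which interfaces are not limited to loopback. It assumes input in the format of `ss -H -ltn`; the sample lines and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9091 0.0.0.0:*
LISTEN 0 128 [::]:8112 [::]:*
LISTEN 0 128 [::1]:5000 [::]:*
LISTEN 0 128 192.168.1.20:8081 0.0.0.0:*
LISTEN 0 128 *:58846 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def classify(local):
    """Return (port, exposure) for an ss 'Local Address:Port' field."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return int(port), "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return int(port), "all-interfaces"
    if ip.is_loopback:                     # 127.0.0.0/8 or ::1
        return int(port), "loopback-only"
    if ip.is_private or ip.is_link_local:
        return int(port), "lan-address"
    return int(port), "public-address"

def audit(ss_output):
    """Return sorted (port, exposure) pairs for listeners not bound to loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        port, exposure = classify(fields[3])
        if exposure != "loopback-only":
            findings.add((port, exposure))
    return sorted(findings)

if __name__ == "__main__":
    # On a real host, feed in the output of: ss -H -ltn
    for port, exposure in audit(SAMPLE_SS):
        print(f"port {port}: {exposure} - confirm a password and access limits are set")
```

A listener bound to all interfaces is only reachable from the internet if your firewall or router forwards to it, so treat each flagged port as one to review rather than as proof of exposure. A loopback-only listener can still be exposed if a reverse proxy publishes it, so check the proxy's access control as well.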