On Wed, Aug 12, 2015 at 1:44 AM, Pine W wiki.pine@gmail.com wrote:
Would keeping sensitive pages in wikitext format under "full protection" (meaning that only local administrators can edit) be sufficient?
This is asking for trouble. Even if all our admins acted sensibly all the time - and if you've been around here long enough, you know that's not true - there is still the very real possibility of admin accounts being compromised. I have personally fixed XSS flaws in widely used user scripts, and a determined attacker would be highly likely to find others. This is best kept out of the control of admins so that if an admin account is compromised it will not affect other accounts.