The Risk

The problem is not the page. It is every path to the fact.

User
requests
URI
calls
API
queries
Sensitive facts

If one route bypasses the control, the data is exposed.