I tripped upon what I think is a pretty big security hole in the front page. If any user on the latest Moodle 2.4.3+ is in edit mode on any page in Moodle (say they are a course teacher and are making changes to a course, or even any user doing an edit on their public profile page), they can simply click Home (or navigate to the front page, without turning off edit mode in something they have edit rights to) and have rights to edit and add content to the front page.
We're running the newest 2.4.3+ code and using LDAP for authentication.