Bug
Resolution: Fixed
3.0.6
PHP Environment: PHP Version 5.2.6-1
Database: 5.0.51a-24
If you have the News-Feed enabled and include some forums which are not public to all, they can be seen by everyone(!!) over the "news"-feed!
Actually there is no access-check at all within the news-feed.
Within feed.php:
class phpbb_feed_news:
function get_sql():
while ($row = $db->sql_fetchrow($result))
I changed it to:
if ($auth->acl_get('f_read', (int) $row['forum_id']))
I'm not sure if this works for passworded forums as well, but I don't use them anyway. acl_getf would be faster, I guess, with an array comparison... but I'm no PHP coder.
I avoided using ->excluded_forums() because I explicitly excluded some of the news-forums from the forums/topics feeds (this is how I understood the basic meaning between these two options).
Besides that, you pretty much rock.
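
Added example, not part of the original report and not phpBB's own code: the read-permission filter the report asks for, written in the bulk acl_getf style the reporter mentions. StubAuth, filter_feed_rows() and the sample rows are hypothetical, and the return shape of acl_getf('f_read', true) is an assumption modelled by the stub.

```php
<?php
// Hypothetical stand-in for phpBB's $auth object so the example runs offline.
// Assumption: acl_getf($opt, true) returns forum_id => array($opt => true)
// for each forum where the current user holds $opt.
class StubAuth
{
    private $readable;

    public function __construct(array $readable_forum_ids)
    {
        $this->readable = $readable_forum_ids;
    }

    public function acl_getf($opt, $clean = false)
    {
        $granted = ($opt === 'f_read') ? $this->readable : array();
        return array_fill_keys($granted, array($opt => true));
    }
}

// Keep only the feed rows whose forum the requesting user may read.
function filter_feed_rows(array $rows, $auth)
{
    // One bulk lookup, then an isset() per row, instead of acl_get() per row.
    $allowed = $auth->acl_getf('f_read', true);
    $visible = array();
    foreach ($rows as $row)
    {
        // Fail closed: a row with no forum_id is never emitted.
        if (isset($row['forum_id']) && isset($allowed[(int) $row['forum_id']]))
        {
            $visible[] = $row;
        }
    }
    return $visible;
}

// Constructed sample rows: forum 2 is public, forum 7 is staff-only.
$rows = array(
    array('forum_id' => 2, 'topic_title' => 'Release announcement'),
    array('forum_id' => 7, 'topic_title' => 'Internal moderation notes'),
);
$viewers = array('guest' => new StubAuth(array(2)), 'staff' => new StubAuth(array(2, 7)));
foreach ($viewers as $who => $auth)
{
    $titles = array_column(filter_feed_rows($rows, $auth), 'topic_title');
    echo $who . ': ' . implode(', ', $titles) . "\n";
}
```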