|Warning: the /system directory contains all of the private information such as orders, mailing lists, emails, etc. Be extra careful to ensure that "Everyone" is set to not have any "View" or "List" access to this information.|
You can double check the security for any system directory by going to the page: /acl.htm. For example to check the security on the system directory for www.yourdomain.com, log in and go to www.yourdomain.com/system/acl.htm. Check to make sure that Everyone doesn't inherit "View" rights of "Yes". Also check to make sure that Everyone doesn't set a Local "View" Right of "Yes" either.
You may need to expose mailing lists for use as membership directories on visible parts of the site. It's best to handle this by giving access to a list directly and not the whole system directory.