At the New Zealand Moodle Moot, Martin demonstrated a way to publish grades using a special URL which contains a secret key encoded in it. Giving the URL to other people gives them access to the grades.
Since grades are quite sensitive, it becomes a security problem when they are exposed accidently to third parties.
Here are two scenarios where this URL could become public:
1- The user bookmarks it and is using a community bookmarking system like del.icio.us Other users of that system may now find it, but Google can also index it.
2- Windows users sometime have "download accelerators" which report to a central server what URLs people are downloading. There have been cases where these URLs are then shared with the public, for example in "top 10" lists or "current downloads".
Therefore, I think the potential for users unknowingly sharing their grades is real.
One way, this could be mitigated is to split this into two pieces of information:
- a secret key
- a page where the user goes and where they need to enter the secret key and press submit.