We use Remote Apple Events on some of our Macs - it's a very useful
feature. But returning a list of current apps is one feature too
far and we've made sure that no unknown IPs are allowed to use port
3031.
It is not a security issue. It could have been a security issue
whether you had chosen NOT to activate Remote Apple events and could
access the list of applications. And only admin users are supposed to
do this, so who cares ?
The fact that some function does not please you because it "shows too
much" is not a security issue. It is by design, it has always been
since System 7.5 (maybe Mac OS 8).
If you activate the Remote Apple Events, it means you WISH to have
full control over the remote Mac. It can also be very useful to know
if an application is running to decide if you want to perform an
action or not. One could propose decide that it is a security to get
the name of the logged user, or the adress IP of the Mac, your
mileage may vary.
BTW, send also a bug report to those guys who decided it was possible
to use the "ps | auxc" command in a remote shell. See :
