Security hole with Modules that have both secured and non secured handlers

So unless I am doing this wrong, there appears to be a security flaw in ContentBox.

If I want to provide security, or an Admin view that should be secured it is vieweable by both no-secured and secured routes. Now I am sure that I am doing this wrong, so I would be happy to hear how others might be handling this.

In most of modules to date I have always added the route as such.

{pattern="/module/:moduleEntryPoint/:moduleHandler/:moduleAction?", handler=“modules”, action=“execute” }

Which allows me to have the url


Which works when a user is not logged into the admin dashboard, however if I then use


It will bypass the security login, which is not my desired result. So the question is should I just use my own secure list rather than rely on ContentBoxes?

Again if your doing this and have it secured right, how are you doing it?