Stumbled on this late. But this allows authentication and authorizations configured in FactoryTalk Security to be bypassed. So controllers secured with a security authority would be vulnerable to having their programs altered/replaced or firmware updated.