Removing the test.html file isn't really interesting, what everymody MUST do is password protect the editor, or at least the filemanager, and/or don't just set the connector to enabled = true, instead do some checking based on a session variable to be sure that the user has the proper rights to use the connector.
Re: I got haxored through fcked