In vBulletin there is at least license validation. So even if user got his way to this page, he can't actually do anything.
Perhaps something similar should be added to XenForo as well.
If not license validation, so kind of other validation like config password.
I consider this bug because this may affect live sites which forgot to delete their installation path.