Seems we're talking past each other, but short story is, this is certainly not desired behavior.
1) open an Incognito browser session
2) go to a forum where unregistered/unconfirmed users are not permitted to use the Search function.
3) go to a url like: https://[domain].com/community/search/[choose-a-random-number]/?q=[choose-a-search-term]
4) observe that it works.
Since unregistered/unconfirmed users are not permitted to use the Search feature, it shouldn't be able to be obviated by futzing with the URL (cached or not). I've noticed some bots heavily crawling my site in this manner.