According to gotDrupal.com, cron.php is not, by default, protected by permissions.  This means that anyone can go to your site and type “cron.php” and make it fire, possibly causing the server to start working very hard.

How do you deal with these Cronsters? (And really, who are you anyway – who does that?).  I don’t know.  Time to keep watching! Ah… editing the .htaccess file.  Hmm.  I guess I’m not dealing with Cronsters today! (i’m developing on localhost, so right now, the threat is moot). I must remember to reinvestigate this as we come closer to production goals and deployment.