That means that they're vulnerable... If they put admin tools in a hidden directory and only give certain employees the directory name, then they are assuming that since it's hidden and no links point to it, then it's safe and secure, obviously they were wrong...