Apache and Case Insensitivity: a security risk?

CNET staff
Scott Boone alerted us to a SecurityFocus Forums posting titled "Mac OS X - Apache & Case Insensitive Filesystems." It states:

    "The preferred filesystem for Mac OS X is Apple's HFS and most setups use it. HFS is a case insensitive filesystem.

    Apache's directory protection (and other methods that depend on filesystem object names) cannot handle this and breaks. For example, both Directory and Location configuration options break.

    This is a real security risk because most people do not know this. It can easily be used to bypass protected directories."

A note on MacInTouch claims there is a fix: install the mod_hfs_apple Apache module, available from Apple. The source code for the module states in part: "mod_hfs_apple Apache module (enforce casing in URLs which need it). Consequently, when this module is installed, some pseudo-case-sensitivity is enforced when Apache deals with HFS volumes." (Thanks, Clint Ragsdale.)
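
A log check for the behaviour the posting describes, added here as an example and not taken from the posting, MacInTouch or Apple: it flags access-log requests that match a protected URL prefix only when case is ignored, which is the pattern a case-sensitive Directory or Location rule would not cover. The protected prefixes, the log lines and all function names are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed protected URL prefixes, as they would appear in <Location> blocks.
PROTECTED = ["/private/", "/admin/"]

# Constructed access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - alice [10/Jun/2004:10:00:01 +0000] "GET /private/report.html HTTP/1.1" 200 5120
192.0.2.44 - - [10/Jun/2004:10:00:07 +0000] "GET /Private/report.html HTTP/1.1" 200 5120
192.0.2.44 - - [10/Jun/2004:10:00:09 +0000] "GET /ADMIN/index.html HTTP/1.1" 200 812
192.0.2.51 - - [10/Jun/2004:10:00:12 +0000] "GET /pri%56ate/report.html HTTP/1.1" 200 5120
192.0.2.60 - - [10/Jun/2004:10:00:15 +0000] "GET /public/Index.html HTTP/1.1" 200 300
192.0.2.61 - - [10/Jun/2004:10:00:20 +0000] "GET /PRIVATE/x.html HTTP/1.1" 404 209
"""

CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def case_variant_of(path, prefixes=PROTECTED):
    """Return the protected prefix that `path` matches only when case is ignored."""
    for prefix in prefixes:
        head = path[:len(prefix)]
        if head != prefix and head.casefold() == prefix.casefold():
            return prefix
    return None

def scan(log_text, prefixes=PROTECTED):
    """Return findings for requests a case-sensitive prefix match would miss."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        client, user, _method, target, status = m.groups()
        path = unquote(urlsplit(target).path)  # decode %xx before comparing
        prefix = case_variant_of(path, prefixes)
        if prefix:
            findings.append({
                "client": client, "path": path, "prefix": prefix,
                "status": int(status),
                # 2xx with no authenticated user: content was served unprotected
                "served_unauthenticated": status.startswith("2") and user == "-",
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `served_unauthenticated` set are the ones to triage first; a 404 on a case variant still shows probing but no content was returned.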