Guys.... there *are* valid security reasons for wanting to block ReadViewEntries, even on an already secure application.
For instance, you might consider your Domino Directory secure. Yet any authenticated user can access...
...and there's quite a bit of potentially compromising information revealed there.
Glenn, blocking ?ReadViewEntries is best accomplished with a server URL mask. Otherwise, I'd suggest searching for "?ReadViewEntries" on notestips.com. Mike's already documented some good stuff there.