Guys.... there *are* valid security reasons for wanting to block ReadViewEntries, even on an already secure application.
For instance, you might consider your Domino Directory secure. Yet any authenticated user can access...
http://server/names.nsf/($Users)?ReadViewEntries
...and there's quite a bit of potentially compromising information revealed there.
Glenn, blocking ?ReadViewEntries is best accomplished with a server URL mask. Otherwise, I'd suggest searching for "?ReadViewEntries" on notestips.com. Mike's already documented some good stuff there.