There is a draft post in my WordPress system called “Hand over your Lupins”. I never published it. I haven’t finished it yet. I don’t want anyone to read it in the current form, because it contains notes and suggestions for further development, including references to some key figures in SEO Celebrity Land. If that was published as it is, I’d get some heat for sure. But isn’t that the case for most “draft” posts? Certainly you would not expose your draft posts to the public, right?
But the only thing between those draft posts and the public is a WordPress front controller that checks a “publish” bit and passes over the drafts. On every page load. Those draft posts exist in your WordPress database, the same as your public posts do. That database is readable by the public-facing WordPress, and it is very reasonable to think that they might be “exposed” by a clever hack. Ever hear of a vulnerability in a WordPress plug in? Sure you have. It’s only a matter of time before somebody builds a popular plug-in which enables access to draft posts. It’s not terribly difficult… virtually any access hack could enable it.
So what would that reveal about you and your business? What do you have lurking in your drafts folder? What does your competitor potentially already know about your desire for Lupins, which until now you have been so careful to conceal?