Unauthenticated access options for local / remote statuses are broken
In admin-fe you have options that disable unauthenticated access for local and remote statuses. I dont think there's anything wrong with the admin-fe option, I think it's a frontend bug -- but if you "disallow access" to the statuses, the frontend doesn't respect that and will display the local statuses and remote repeats anyway, although replies to remote statuses will be broken links as expected.
This can be problematic for those that would like to, say, show their statuses but disallow people seeing remote posts
Confirmed in develop branch.
Edit: Backend bug *
Edited by Lady Gaga