Limit direct access to templates to web.cfm and server.cfm for requests not logged in.
Please test the complete admin to see if it still works.
Yes. I've checked as per your fix code, and it works fine. If we try with a non-existing file, it shows an empty page when not logged in. I also checked with admin - security - file access. Yes, it works fine as expected.
But if we check with access - local ( D:\test ) to access - none and test with
( Example: fileread('./example.txt') - the file under C: ),
it'll throw an error "can't access".
But it throws something like: can't access [ C:\test\example.txt ] file must be [ D:\test ]