I talked with SD and a temporary "patch" could be to just take and use htpasswd on your admin directory so that the users with elevated permissions cannot access your control panel without knowing the password to it.
To do this, create a .htaccess file in the admin directory containing:
# Start Authentication
AuthUserFile /path/to/a/file/named/.htpasswd
AuthType Basic
AuthName "UBB.Threads Control Panel"
Require valid-user
The file named .htpasswd should be under your web root (not accessible via your website) and needs to contain a user:encryptedpassword combination, one line per user (have multiple authorized admin's, you can choose to share a password or have everyone have a different password, whatever); to generate an encoded crypt hash
click here.
An example would be:
gizmo:$1$3GfCWBPT$CIHAQSPgI9Y772j2CySul0