"Arc requires the clearing of srvops* unless you want the webserver to respond to a dozen URLs in unexpected ways."
Specifically, the Arc web server automatically implements /login, /logout, /whoami, /admin, /mismatch, and various other things, unless you clear out srvops*. I don't know that any of these are security holes, but I'd rather disable them since I don't want them.
