Thread:Project:Support desk/Fatal error: Call to a member function addWikiMsg() on a non-object in /home/username/public html/wiki/includes/specials/SpecialLinkSearch.php on line 82/reply (23)

Well first of all, that depends if the people who are allowed access are trustworthy (I suppose that goes without saying). If no one evil can access your wiki, then they can't really do evil things to it.

Leaking $wgUpgradeKey would allow someone to run the installer. Off the top of my head I think that only allows someone to basically update db tables (Which could perhaps open you up to a DOS attack i suppose maybe, not sure if any evil could really be done here. but its definitly not something i'd want randoms to have access).

$wgSecretKey is related to how tokens for user authentication are generated (aka the stuff we stick in cookies to make sure a user stays logged in). If an attacker knows this, it would make it quite a bit easier for them to spoof a cookie, and gain control of another account (Still would be quite a bit of work, just a lot less than wthout $wgSecretKey)

[This is mostly off the top of my head, there's definitely the possibility i missed something here]