Bugtraq mailing list archives

put and delete functions in httpd


From: fc () all net (Dr. Frederick B. Cohen)
Date: Sat, 11 Mar 1995 12:09:41 -0500 (EST)


I was looking through the code to httpd and noticed the functions Put
and Delete - apparently using the same access controls as get, etc. 
Does this mean the default is that anyone can delete and put replacement
files in http servers? I removed the code (to no negative effect) from
my httpd but didn't test to exercise the potential problem.  I would be
interested to hear of anyone who tests and finds that outsiders can
modify their servers this way.

Also of interest - httpd produces error returns when you ask for a moved
file, etc.  I modified our daemon to do a redirect to our home-page so
that users don't have to read error messages and try other URLs.  It
seems to work well and eliminates a number of access control concerns
with people guessing URLs (any URL works - but you almost always get the
home page).  Also, this seems to redirect programs looking at robots.txt.
I wonder how many of them fail from syntax errors?

FC
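
One way to check a server's own access log for the situation the message asks about, requests using PUT or DELETE that the server accepted with no authenticated user. This is an added example, not part of the original post and not code from any httpd. It assumes the log is in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)
WRITE_METHODS = {"PUT", "DELETE"}

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [11/Mar/1995:12:01:07 -0500] "GET /index.html HTTP/1.0" 200 2048
192.0.2.44 - - [11/Mar/1995:12:03:19 -0500] "PUT /index.html HTTP/1.0" 200 0
192.0.2.44 - - [11/Mar/1995:12:03:25 -0500] "DELETE /docs/old.html HTTP/1.0" 403 0
198.51.100.7 - alice [11/Mar/1995:12:05:40 -0500] "PUT /staff/notes.html HTTP/1.0" 201 0
198.51.100.9 - - [11/Mar/1995:12:06:02 -0500] "DELETE /logo.gif HTTP/1.0" 204 0
garbage line that does not parse
"""

def find_write_requests(log_text):
    """Return (findings, unparsed): every PUT/DELETE entry, plus lines that did not parse."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m is None:
            if line.strip():
                unparsed.append(line)  # keep these visible instead of dropping them
            continue
        if m["method"] not in WRITE_METHODS:
            continue
        status = int(m["status"])
        findings.append({
            "host": m["host"], "method": m["method"], "path": m["path"],
            "status": status,
            "succeeded": 200 <= status < 300,      # server reported success
            "authenticated": m["user"] != "-",     # "-" means no user was logged
        })
    return findings, unparsed

def unauthenticated_successes(findings):
    """Writes the server accepted with no user attached: the case raised in the post."""
    return [f for f in findings if f["succeeded"] and not f["authenticated"]]

if __name__ == "__main__":
    findings, unparsed = find_write_requests(SAMPLE_LOG)
    for f in unauthenticated_successes(findings):
        print(f'{f["host"]} {f["method"]} {f["path"]} -> {f["status"]}')
    print(f"{len(unparsed)} unparsed line(s)")
```

A 2xx status only says what the server reported; comparing the flagged paths against file modification times on disk confirms whether content actually changed.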


