I have a very limited set of "set" variables (as checkboxes) available via a web interface. I think it's 3 max and don't feel it's that much of a security issue (for me). And you DO have to log in to the site before they become visible.

So I would vote to leave them in (of course <g>) unless there is some OTHER way to do this more securely and then I would be all for that.