I'm not quite sure where to post this, so I've decided to put it there.
Those who now Russian language may read an original post - http://habrahabr.ru/blogs/infosecurity/70330/

In short. Some time ago few russian hackers discovered a vulnerability which affects a great number of web projects. The issue is with SVN. If project is maintained with SVN and developers use its Checkout, then all the sources are put into a hidden directory .svn
In great number of cases this directory is allowed for reading via http://[website]:80/.svn.
Moreover, all the sources are put to /.svn/text-base/ (you guess?) and are not saved with (e.g. for PHP) *.php extension, which would lead to its execution, but in *.php.svn-base format - which is a plain text.
They've created a scanner and looked through all sites within RU domain zone. Thus, they have received sources, developers logins, etc. of huge russian projects. When they decided to scan COM zone - it would have taken about 2 years, so they've declined this idea.
A live demonstration of this vulnerability is at apache - http://apache.org/.svn

---------
http://p0deje.blogspot.com

It's not a new discovery, folks just didn't know it, that's all. Moreover, most people who use svn write open source, with emphasis on: open.

Like: http://apache.org/server-status

Apache using mod_status. new? no. Just stupid configuration to allow it to be world readable.

Here: http://php.net/server-status

Spying was never this easy.

Oops. I didn't know that this is not a new vulnerability. That's why I was shocked when saw it :)

---------
http://p0deje.blogspot.com

p0deje, a lot of people have been around, and remember things without talking about them. So in that sense, yeah it isn't new. I don't fear what people talk about, I fear what they keep private ;-)