Inspecting my logs, I see that cracker tools are developing an increased interest in Roundcube. For example, tests for the /bin/msgimport shell script are common.
I'm not sure if they want the script to attempt abusing it (if server configuration allows that) or to check for the Roundcube version (other tools display the CHANGELOG file, in what is obviously an identification+version probe). In any case, why are those scripts in 'roundcube/bin' instead of being elsewhere, outside of the web-accessible tree?
Carlos
List info: http://lists.roundcube.net/users/