The auth scaffolding in Laravel 5.2 is super helpful and convenient and easy to use, but I wonder if there's a potential security risk:

If everyone uses Laravel's out-of-the-box auth feature solely for creating and managing user accounts, then there's no problem. But I have to think that a lot of people use it to create an admin section for site management, content management, etc.

If that's the case, then one of the first things I might do after generating the auth scaffold is remove the "Register" link from the view that Laravel's auth scaffold has created for me.

I might then go on to work on other parts of the site, forgetting that the register route is still active on my site, which is easy to do because the auth scaffold doesn't add register as a route in my routes file. If I continue developing my admin site without ever overriding the behavior of that route, then basically all anyone has to do is go to the register route on my site, create an account and they'll have full privileges to my admin area.

Shouldn't the register part of the auth scaffold be an optional add-on, not a built-in, out-of-the-box feature? And/or shouldn't the register route at least be added to the routes file to remind the developer to do something with that route if they're using auth for an admin section, not user accounts?

Just wondering.