So I was doing a Google search for one of sites with cFormsII installed and discovered that the directory cforms uses to store uploads from the forms (wp-content/plugins/cforms/uploads) were being indexed by Google. While this wasn't a HUGE security threat - it was quite disturbing to see the documents show up in several different searches.
And definitely - not something we want public!
I've updated the robots.txt to disallow the directory and included an index.html in the folder as well that includes a meta tag for no robots to index the page (or directory?).
<meta name="robots" content="noindex">
I also did a search of the directory itself (with no domain) and apparently a number of other sites are having this problem as well
I've removed all the files from the directory to be safe. And I've also requested Google remove the entire plugin directory from their indexing in case there's something else out there that might be floating around.
Not even sure where it's getting a link to the directory from. Any ideas? Is this a setting in the plugin somewhere? I'd hate for future forms uploads to be made public as well!