I've found two cases where the stealth parameters could be leaked to the public.
The first leak happens when the "Meta" widget is enabled. The "Log in" link under Meta reveals the stealth login page. I don't think this is the intended behavior.
The second leak happens when an attacker visits
/wp-login.php?action=register. If registration is disabled, the attacker will be redirected to the url
/wp-login.php?stealth_q=stealth_a?registration=disabled with code 403. Malformed as it is, it puts the stealth question (
stealth_q) and answer (
stealth_a) in the open.