This is a security hole in my opinion and should be plugged by editing the lock screen ui layout:
#find these objects and set the visible property to false
object class="GtkLabel" id="note-tab-label"
object class="GtkLabel" id="auth-username-label>
object class="GtkLabel" id="auth-realname-label"........
This is something that happens a lot and it is very dirty, as you probably know each site is hosted on a certain IP address. Sometimes a domain is hosted by a single IP address and the IP address defaults to this very same domain.
This means that if someone buys domain abcd.com and enters your IP address (the one of your website) as the A record, your content will show up on their domain as if it was their own.
There is an easy way to prevent this by using .htacces........