Ya, that was my thinking... if there was a vulnerability in MyModule 2.11 for example, you could just do a search for that on Google...
Block that directory by default from bots?
Display the version# as Captcha's?
Better to know the version is old and get the user to upgrade.
Is this really a big security issue? I means hackers and bots just trawl each site and try the list of vulnerabilities that they know. It is nothing to them if the version info is displayed because the bot will try all things on all sites anyway regardless of the version info of the modules installed there. It is less effort to do this than to scrape the version info and build a list, since anyway the admin could update before the next bot run.
It is not the version info that causes the risk, but the dodgy code that needs to be upgraded. Knowing the version info will help get this updated not hinder it.
It is very helpful in support and could encourage people to check their version a bit more too. It would help a lot with people installing the files and not clicking "Upgrade" in the module screens.
I'd also like to see the themes credits on this page (which could be taken from the theme.php (if you defined a header format that will be parsed) and the version included there too.
You could put the version info into a title tag for the module name so that you hover over to see it. That way it doesn't get into the search index text.
Just display the version at the bottom of your module page - then you aren't reliant on changes to DF and you can immediately see the version instead of an extra click to the credits page. Or place the version in a js hover area so that it isn't picked up by search engines.
Yeap that can be done, but it's not neat nor standardised and results in an extra db query that 99.99% of the time isn't needed. Adding them to the current credits page would take less then 2 minutes of coding and cost nothing in performance terms.