Public actions in admin controllers

I have never seen an official answer from a Magento engineer on the matter, but to me it always appeared that this feature is to be used when you want users to be able to link to a page from outside a secure session, as otherwise clicking on a link referencing a secure admin URL will only redirect you to the dashboard after prompting you to log in.

I always had two scenarios in mind: Either you want users to be able to share certain admin pages with other users or you want some public page to reference your custom URL in the Magento back-end (which would otherwise only redirect to the dashboard).

When you look at the Magento core you can see that Magento has essentially implemented this for reviews, orders and product pages. I suppose the Magento engineers did this so that admin users of a store are able to send links directly through a messenger or an email (as in "Hey, check out this order: [url]."). I once implemented a feature like this for a page when I wanted it to be easily sharable by admin users.

You are basically trading the increased risk of a CSRF attack for the freedom of being able to directly link to a page in your admin back-end, which should only be done when you have a very certain use-case in mind. I suppose CMS Pages did not fall into the use-case for the Magento core team as they seemed to have limited this "feature" to actions related to customer support and the editing of products - basically the most common tasks for customer service representatives at many stores.