I sent this report to the JSST on 26.7.11 and never got any reply about its content, just the standard thank you blabla... I originally sent this to the JSST as a wrong result of this function combined with a vulnerable extension could be a potential danger, but after more than one year it is safe to claim they decided it is not an issue, so IMHO it is safe to publish. Also, the function has apparently not changed since 2009, which is being discussed in a topic.
Perhaps just this clarification for the result column:
OK - component renders,
NOT_FOUND - system returns COMPONENT NOT FOUND status.
Red fields mark results where, under the specified conditions, the component renders when it should indeed return NOT_FOUND. In combination with a vulnerable extension this could lead to a security breach.
Orange marks conditions where the issue is a functional bug, but IMHO not a security problem.
EDIT: Forgot to add this: it becomes a security issue if someone relies on Disable to prevent unsafe users from accessing a vulnerable component (backend - second red OK) or when a vulnerable component is deinstalled from the database (== not installed) but its files remain there, e.g. due to file permission problems (this is valid for the frontend - first red OK). Not a release-triggering issue, but it should be fixed anyway.