The Timetable plugin does not appear to properly check the logged in state of a user before displaying the timetable, even when the menu type for the Timetable plugin is set to "Logged in only".

While the top menu does not show a URL link to the Timetable page, anyone with access to the Timetable page URL will be able to view the timetable without logging in. Other pages (such as Voting) properly show an expected UNAUTHORIZED REQUEST! error.