You know the page you get when you first install WordPress to a domain? It seems like it's totally public, so what's to prevent someone from stumbling onto your site (especially if you already had links pointing to the URL) and entering in the info to setup a blog. I realize you could just delete and reinstall, but it still seems like pretty insecure behavior. Is it meant to be open like that?
When WordPress in installed, there's no way you can execute the installation code again, unless you drop all WordPress tables from the database.
Yea. Once WP is installed. There is no install page. Secondly, there is no doubt about security in wordpress.