Hey,
When you set mlocks for example +tnk <key> it can be bypassed by someone who does not have access (and if they are first user that joins the channel) making the key exposed!
Same if you set the channel modes for oper only (eg +O) and if the user does not have access joins they are in a oper only channel and nothing happens to them. Same for +i etc.
To address this issue you could implement a feature similar to AustNet's OPAS where if the first user joins does not have access to the channel they are banned and the services stay in the channel for the time specified (the CSInhabit option). After the user is banned then the mlock is enforced (and then they don't see the key or bypass any other modes for example).
This could really increase channel security and privacy.
Thanks