Hi Mario,
thanks for the reply. Okay, having a relic from previous versions in the manual is totally valid :)
Indeed it could be a security hole, but I think you could say that it is up to the developer and software architect to decide whether or not to take the security risk. Right? :)
The case of our company is as follows:
We have a rather big application which is deployed at like 12 locations in an internal network. In order to keep our Drools Excel sheets separate, we manage them in a dedicated repository with one responsible maintainer for that. It's accessible read-only for users without credentials. Those 12 locations access that repository via HTTP URL, i.e. ResourceFactory.newUrlResource(). We developed an extra function to reload Drools sheets in real time in our application.
This approach has a few advantages: We don't need further infrastructure to provide all locations with the newest Drools rules, just the git repository (in our case gitblit, yeah old, but works for this purpose). We can update the Drools rules without deploying the entire software package or restarting the application. Drools rules are maintained at a single spot and easily edited, since the repository just has a few rule sheets and is therefore low in MB size.
It's easy to set up, easy to maintain, maximally flexible and works absolutely fine for us. Even the not so skilled developers easily understand this setup.
Without the access via URL, we need to make the Drools files available at each location, which means extra effort to distribute and update.
Please let me know if you plan to bring that feature in again, since we will have to adapt and figure out a different solution for us to make the drools-sheets at all locations accessible and easily updated. :)
Thanks,
Thomas