Celery

Unauthenticated monitoring endpoints expose sensitive task data

Severity: critical
Category: security. Updated Dec 17, 2025 (via Exa)
Technologies:
How to detect:

A monitoring dashboard deployed with AUTH_ENABLED=false exposes task arguments, results, worker details, and failure traces to anyone who can reach the endpoint. This creates data leakage and compliance violations.

Recommended action:

Always set AUTH_ENABLED=true in production. Configure Basic Auth with PBKDF2 password hashing (never store plaintext passwords). Implement OAuth for enterprise deployments. Use firewall rules to restrict access to VPN/VPC ranges only (e.g., allow TCP 3000 and 8765 only from 10.0.0.0/8). Configure CORS to restrict origins strictly to known domains. Test authentication by verifying that unauthenticated requests return HTTP 401.
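An added example (not code from the page or from any Celery monitoring project) that checks a deployment's settings against the recommendations above and shows the PBKDF2 credential handling they call for. AUTH_ENABLED is the page's setting; BASIC_AUTH_PASSWORD_HASH, CORS_ORIGINS and ALLOWED_NETWORKS are hypothetical names chosen for this example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# AUTH_ENABLED comes from the advisory; the other setting names are assumptions.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing PBKDF2-HMAC-SHA256 hash (never store plaintext)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or plaintext credential never verifies
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)


def audit_settings(settings: dict) -> list:
    """Return the weaknesses the recommendation above would flag in a deployment."""
    findings = []
    if settings.get("AUTH_ENABLED", "false").strip().lower() != "true":
        findings.append("AUTH_ENABLED is not true: task data is exposed unauthenticated")
    if not settings.get("BASIC_AUTH_PASSWORD_HASH", "").startswith("pbkdf2_sha256$"):
        findings.append("Basic Auth credential is not a PBKDF2 hash")
    origins = [o.strip() for o in settings.get("CORS_ORIGINS", "*").split(",")]
    if "*" in origins or not all(o.startswith("https://") for o in origins):
        findings.append("CORS_ORIGINS is not restricted to explicit https origins")
    nets = [ipaddress.ip_network(n.strip()) for n in settings.get("ALLOWED_NETWORKS", "0.0.0.0/0").split(",")]
    if any(n.prefixlen == 0 for n in nets):
        findings.append("ALLOWED_NETWORKS does not restrict the dashboard to VPN/VPC ranges")
    return findings


# Constructed sample deployments: the exposed default and a hardened one.
WEAK_SETTINGS = {"AUTH_ENABLED": "false", "CORS_ORIGINS": "*"}
HARDENED_SETTINGS = {"AUTH_ENABLED": "true", "CORS_ORIGINS": "https://ops.example.com",
                     "ALLOWED_NETWORKS": "10.0.0.0/8",
                     "BASIC_AUTH_PASSWORD_HASH": hash_password("example-only-password")}
```

Running audit_settings over a real deployment's environment before rollout catches the AUTH_ENABLED=false and wildcard-CORS cases the advisory describes; the 401 check against a live endpoint is still done separately.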