This doesn't make much sense to me since you don't need to be able to access content to login, but you might need to login to access content. User login from the User module itself grants access based upon whether or not the current user has an ID or not:
$items[] = array('path' => 'user/login', 'title' => t('Log in'),
'callback' => 'drupal_get_form', 'callback arguments' => array('user_login'),
'access' => !$user->uid, 'type' => MENU_DEFAULT_LOCAL_TASK);
I would think this would be a better access rule, or possibly even not check access at all. As far as I'm aware, the reason that access is checked in this way is mainly to prevent a login link from appearing in a menu once a user has logged in. This isn't really relevant to the Thickbox module since it's link only appears as a replacement when the main user link is shown and it really doesn't harm anything (that I can think of) to be able to access the Thickbox login page at any time.
Comments
Comment #1
frjo commentedRight you are. Doing it like the user module sounds lika a safe solution.
I have committed new code to the 5 dev version, please try it out and report any issues here.
Comment #2
frjo commentedComment #3
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.