Why doesn't Drupal hide CHANGELOG.txt?
Last modified: May 28, 2009 - 21:38
This issue has been discussed publically in several times, most notably in #79018: protect Drupal core .txt files where it was decided that there is no security benefit to hiding files such as CHANGELOG.txt