I’ve just been digging around and notice that the 0.2.4+r1376-1.1+etch1 debian package has security patches applied relating to web logins. I’ve emailed the package maintainer as I can’t see when these patches were applied to etch. My hunch is that they were backported recently, like in the last week.
http://packages.debian.org/etch/mt-daapd
Cheers,
Dave.