Attacker can force showing admin panel login page regardless of admin panel URL by calling a module directly. It makes it easier to try automated password attacks and exposes admin URL on the page.You can find the option at System > Configuration > Advanced > Admin > Security and by default, the option is Enabled, which means that security measures are less restrictive and all advantages of SUPEE-6788 patch are NOT used, so admin path is disclosed to public. To protect your store with all security measures provided in SUPEE-6788 patch and in Magento 1.9.2.2 the option should be set to Disabled.
A
Admin Router Compatibility
Admin Router Compatibility mode for extensions is an option added in Magento 1.9.2.2 and SUPEE-6788 patch for any older version.
The option is for protection from security issue APPSEC-1034 (Admin path disclosure):