Attacker can force showing admin panel login page regardless of admin panel URL by calling a module directly. It makes it easier to try automated password attacks and exposes admin URL on the page.You can find the option at System > Configuration > Advanced > Admin > Security and by default, the option is Enabled, which means that security measures are less restrictive and all advantages of SUPEE-6788 patch are NOT used, so admin path is disclosed to public. To protect your store with all security measures provided in SUPEE-6788 patch and in Magento 18.104.22.168 the option should be set to Disabled.
Admin Router Compatibility mode for extensions is an option added in Magento 22.214.171.124 and SUPEE-6788 patch for any older version. The option is for protection from security issue APPSEC-1034 (Admin path disclosure):