The quest for reduced authentication of admin interface images continues.
This change avoids the authentication_throw() call inside the admin if
itself. It's known that this allows images from other sites to be exposed
through this port but it's no different from knowing URLs stored in the
protocol cache and therefore considered acceptable.