This issue was revealed to us by a security consultant performing a penetration test on our production environment.
In the Chef WebUI, if you attempt to login with invalid credentials, the page that is rendered includes a populated selectbox revealing all the Environments known to the Chef server. This is privileged data being exposed to a non-authenticated user.
To reproduce, submit invalid login details on the Chef WebUI login page, or visit /users/login_exec directly on any server running the Chef WebUI.
NOTE: Changing this to Priority:Major. I think this is a fairly large security issue.