Who on earth would want to query the spend secret key over wallet RPC?
https://github.com/sumoprojects/sumokoin/commit/819f7e6e0eff6e4f7f41eca32f2e9df1d9b92e03If the connection was somehow compromised and an attacker managed to see this data, all your money would be gone. Only a fool would use this feature.
The developers seem neither competent nor serious about security, which explains why the very old bug in the wallet has been left unsolved for a long time.