You are running a version of Subversion which is older than 1.0.6. A flaw exist in older version, in the apache module mod_authz_svn. An attacker can access to any file in a given subversion repository, no matter what restrictions have been set by the administrator.

Upgrade to subversion 1.0.6 or newer.