The HTTP 404, 404 Not Found, 404, Page Not Found, or Server Not Found error message is a Hypertext Transfer Protocol (HTTP) standard response code, in computer network communications, to indicate that the browser was able to communicate with a given server, but the server could not find what was requested.
As you were told above there is no big danger if these pages are visible for others because all of them are unavailable for non-logged admins / operators. But you may try to rename studio folder and correct this constant:
LeonidS these pages are available for all members that are logged in, including "unauthenticated" accounts. I can access these pages and change settings, send e-mails, delete accounts. This is very worrying.
Looks like you have did some custom settings to your permissions. Unauthenticated users have 15 actions they can do????? I also see you created a new "Contributor" level as well.
Access to the Studio is done by "Role" level and not a permission. As you may have noticed, if you click any of the actions you will not see "Studio" anywhere. Anywho, not sure what you did but I would suggest going into your database via PhpMyAdmin or whatever you use to view it, and open up the sys_accounts table. You will see a "Role" column to the right of your users. Only the role of "3" (Admin/Operator) should have access to the Studio.