[eluser]Rick Jolly[/eluser]
If you are not aware, on most hosts you move your system directory above the web root so that it cannot be accessed through a url. Also, as opposed to sending requests to "system" through CI, you could just disallow those requests entirely.