A russian security group, has exposed the wide spread existence of mis-configured web servers once again. The “exploit” itself is not new, it basically hooks on to the fact that there are usually some change files in the .svn/.cvs directories on a site and then tries to grab these meta-data files and extract source code from them.
At the least one would expect that web admins would restrict access to files starting with a dot.
In any case, to remedy this issue, please prefer to use svn-export/rsync over checkout. If possible consider using something like the below to deny access to the files.
<DirectoryMatch \.svn> Order allow, deny Deny from all </DirectoryMatch>
URL-Rewriting can also be used, in case mod_rewrite is enabled in .htaccess