Bug/Feature?
Use of impersonate() in route:before hook leads to autologin via /panel.

  'hooks' => [
    'route:before' => function ($route, $path, $method) {
      $kirby = $this;
      $this->impersonate('kirby');
    }
  ],

After this configuration, anyone can login via /panel without user/password. In theory this should be correct, but i think this is dangerously because of hijacking the admin user? Is this a bug or an intended feature?

• Kirby 3.3.4
• OS: osx 10.15.3
• Browser: chrome 81 mac