Many owners of these cameras assume that because they haven't shared the link, no one will find it. This is a classic "security by obscurity" fallacy. If a device is "public-facing" (accessible via an IP address on the open web), it is only a matter of time before a search engine or a specialized scanner like How to Protect Your Hardware
Use curl + grep for a quick check on a found URL: inurl+view+index+shtml
Such URLs sometimes expose unsecured web cams, old log viewers, or debugging interfaces. Many owners of these cameras assume that because
User-agent: * Disallow: /cgi-bin/view/ Disallow: /stats/view/ old log viewers