Similar to Bug 27715, the filearchive module doesn't respect rev delete.
This is not a major issue, since you need to be a sysop to use that module whatsoever. However, if you had some of the sysop permissions split up, this could leak data to people with deletedhistory rights. This might also be able to leak some oversighted info to admins.
Easiest way to fix this would probably be to convert filearchive to use file objects, and then just use the various permission related methods of File.
Version: 1.17.x
Severity: major