The installer should set $wgNoFollowLinks to false in LocalSettings.php if the "Authorized editors only" or "Private wiki" user rights profile is selected. These wikis cannot be attacked by spambots because editing is only by registered users and registration is by invitation only. Therefore, there is no need to use nofollow to deter spam.
Nofollow would in fact likely be counterproductive to the wiki owner's purposes, since it would hinder him from raising the pagerank of sites he and his small circle of approved editors link to, and which he therefore presumably wants to attract traffic to. We should act under the assumption that he would prefer to have nofollow switched off.
Version: unspecified
Severity: minor