Would it not be the case, that a compromised machine that was mounting iSCSI, might then be able to access the hidden admin feature? It could then mount other volumes read-only and read data meant to be private...
Not necessarily. In most cases administration access to these things are on an entirely separate network from connection protocol. Having an iSCSI / nfs connection isn't enough; you'd also have to be on the same network as the management interface.
Doesn't help if someone has physical access to the datacenter, but that's a given.