Since ngrinder 3.2, SVN doesn't block the access from illegal access. Everybody can access the other's svn without any http basic auth info.
Actually, there are http basic auth protection, but it is not applied because it's configured to permit even illegal accesses.
The quick workaround to prevent this problem is following.
and modify following line
<intercept-url pattern="/svn/**" access="A, S, U"/>