The kind answer is anyone with an ounce of cybersecurity knowledge would look at the website and say "you're literally revealing information about directory structure to an outside attacker if they just glance at the HTML"
See the website link "/admin/ApplicationRanking.aspx", under the section titled "DoD Agency"? That probably means that they ranked applications using the exact same web interface. Now I'm not saying it's impossible the dates are meaningless. But it looks unlikely since I assume the act of ranking applications would change the "last updated" date.
It looks like they were so lazy that they just put the access menus for all possible users on a single page, and just commented out the unneeded parts depending on what type of user you are
The website is absolutely not secure. I submitted my app before I realized that some of my files weren't in pdf format, but I was able to resubmit by changing some booleans and making some custom buttons. In fact, the server actually accepted those updated files, which have persisted. Also, 12/23 update for those interested
Doing some minor hacking. It looks like this is what those awarded will have shown. They already have all the appropriate elements in the HTML, but commented out. I'm guessing you only get access to those pages "/Fellow/PostAwardDashboard.aspx" if you've actually been awarded, which is totally a backend thing
I'm 99% sure you need an official offer. Got mine a few weeks ago for MASt in Applied Maths and Theoretical Physics. There is the possibility that you've been accepted and they haven't updated the status to something like "Awaiting approval by GAO" but they only rank candidates whom they plan to accept.
Last year, the invites went out Dec 14th/15, so presumably in a week if you get an interview. Otherwise, you're basically on the interview waitlist until January, and then they'll email a rejection.