Whether a search engine is pointed internally at portals and other intranet Web sites, or at the external company site, its busy indexing every page that is visible to users and the outside world. Basically, if the search engine can see it, then anyone can.
There have been many prominent cases where an outside group found sensitive data on a company site using the companys own search engine.
Take pre-emptive action to close this hole. Come up with a list of terms found only in sensitive documents, such as HR payroll numbers, internal planning documents and product plans, and then use this list as search terms on your site. You may be surprised at what you find.