Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php	(revision 12919)
+++ wp-includes/post.php	(working copy)
@@ -16,6 +16,7 @@
  */
 function create_initial_post_types() {
 	register_post_type( 'post', array(	'label' => __('Posts'),
+										'publicly_queryable' => true,
 										'exclude_from_search' => false,
 										'_builtin' => true,
 										'_edit_link' => 'post.php?post=%d',
@@ -25,6 +26,7 @@
 									) );
 
 	register_post_type( 'page', array(	'label' => __('Pages'),
+										'publicly_queryable' => true,
 										'exclude_from_search' => false,
 										'_builtin' => true,
 										'_edit_link' => 'post.php?post=%d',
@@ -707,7 +709,7 @@
 		$wp_post_types = array();
 
 	// Args prefixed with an underscore are reserved for internal use.
-	$defaults = array('label' => false, 'exclude_from_search' => true, '_builtin' => false, '_edit_link' => 'post.php?post=%d', 'capability_type' => 'post', 'hierarchical' => false, 'public' => false, '_show' => false, 'supports' => array());
+	$defaults = array('label' => false, 'publicly_queryable' => false, 'exclude_from_search' => true, '_builtin' => false, '_edit_link' => 'post.php?post=%d', 'capability_type' => 'post', 'hierarchical' => false, 'public' => false, '_show' => false, 'supports' => array());
 	$args = wp_parse_args($args, $defaults);
 	$args = (object) $args;
 
Index: wp-includes/classes.php
===================================================================
--- wp-includes/classes.php	(revision 12919)
+++ wp-includes/classes.php	(working copy)
@@ -26,7 +26,7 @@
 	 * @access public
 	 * @var array
 	 */
-	var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage');
+	var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots', 'taxonomy', 'term', 'cpage', 'post_type');
 
 	/**
 	 * Private query variables.
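Review bot: Adding `'post_type'` to `$public_query_vars` makes the variable settable straight from the request, and nothing next to the declaration says that its safety now depends on the filter added in the `@@ -277` hunk. I would note this in the property docblock, for example `* 'post_type' is accepted from the request but is dropped later unless the type is registered with 'publicly_queryable' => true.`, so a later edit to either place does not silently widen what visitors can query. The same dependency applies to the removal from `$private_query_vars` in the next hunk. Callers that previously supplied a non-public `post_type` through the private path may now have it stripped by that filter, which is worth confirming against code outside this diff.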
@@ -36,7 +36,7 @@
 	 * @since 2.0.0
 	 * @var array
 	 */
-	var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm', 'comments_per_page');
+	var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'showposts', 'nopaging', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm', 'comments_per_page');
 
 	/**
 	 * Extra query variables set by the user.
@@ -277,6 +277,13 @@
 				}
 			}
 		}
+		
+		//limit publicly queried post_types to those that are publicly_queryable
+		if( isset( $this->query_vars['post_type'])) {
+			$queryable_post_types =  get_post_types( array('publicly_queryable' => true) );
+			if( ! in_array( $this->query_vars['post_type'], $queryable_post_types ) )
+				unset( $this->query_vars['post_type'] );
+		}
 
 		foreach ( (array) $this->private_query_vars as $var) {
 			if (isset($this->extra_query_vars[$var]))
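Review bot: The allow-list check in the added block uses `in_array()` without the strict flag and assumes `$this->query_vars['post_type']` is a string, although the value is request-controlled now that `post_type` is a public query var. Today an array value is only rejected as a side effect of loose comparison. Making it explicit is cheap hardening: `if ( ! is_string( $this->query_vars['post_type'] ) || ! in_array( $this->query_vars['post_type'], $queryable_post_types, true ) )`. Because this block is the only visible gate keeping non-public post types out of front-end queries, the comment above it should say so, e.g. `// post_type comes from the request: keep it only if the type is registered as publicly_queryable.` The enclosing method starts and ends outside the hunk, so whether any later step can reintroduce the variable cannot be checked from here.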
