Removing that isn't a good idea, really.
The correct option, aside from the hacks pointing you in the wrong direction, would be this.
Open the mu admin bar php file.
At the top you will see this:
<?php
/* <WP Plugin Data>
Add the following in between the two:
if ( !defined("ABSPATH) ) {
die("I don't think so, Tim.");
}
global $blog_id;
if ( $blog_id == 1 ) {
return;
}
So now, the top should look like this:
<?php
if ( !defined("ABSPATH) ) {
die("I don't think so, Tim.");
}
global $blog_id;
if ( $blog_id == 1 ) {
return;
}
/* <WP Plugin Data>
What this does, as an explanation, is first it makes sure MU called the file. If it didn't, and someone is trying to access it directly to insert an injection, it executes the php function die(). The message in between may be customized, that just happens to be my style of telling them to stick it.
Second, it calls the globally available variable, $blog_id.
Next, it checks for that value equaling 1. If it does, it simply does nothing. If it's not blog_id 1, then it runs as normal.