I tried to show the problem to a coworker. And it disappeared.
I went thru the same drill I had gone thru before.
I removed all rights I had granted to XWikiAllGroup including view
In another browser I was logged in as a peon. I logged out and back in and could not view main page.
I started giving XWikiAllGroup rights one at a time starting from the left.
This time, with coworker present, things worked as expected. Maybe I was better about refreshing things somehow. I thought that previously, it was not enough let someone view a page simply by granting view, I had to grant script and program also.
It is true I did have edit checked for all in XWikiAllGroup. I don’t now, and as makes sense, everyone is no longer an admin. I don’t know why I would have turned it on in the 1st place except as an act of desperation.
I also see that it is not necessary for peon user to log out and back in to experience that his rights have changed. So I don’t know exactly where refreshing the cache comes in. But I do think I saw some incorrect behavior in the past, as stated, esp after adding view right.