Holes in the cloud: consultant finds more flaws in Google Docs
Security consultant Ade Barkah has found several more gaps, and they're all just as alarming - if not more so.
Issue #1 appears right at the top of his blog post: an image that he embedded in an unshared document. Apparently all uploaded images can be accessed directly by anyone, as long as they've got the url.
On top of that, Barkah discovered that another user can view past versions of diagrams you insert in a document even after your replace them. As with the image access flaw, finding the previous versions is as simple as replacing the rev=# in the drawing's URI.
Last but not least, users you've previously granted access to your docs but later removed aren't necessarily gone for good. There are certain cases in which they can regain access themselves without you ever knowing about it.
Tin foil hat wearers rejoice, this is further confirmation that just because you're paranoid that doesn't make you wrong.