We’ve received a few reports from different people that Peoples Privates are visible… After a quick search, I found the problem and it was a rather simple error, based on the code was only checking to see if you were logged in, not at who’s diary you were presently looking.
This is now fixed, and private comments do not show if you’re logged in but looking at someone elses diary.
Apologies for the slip.
I’m also investigating reports of other vulnerabilities in the system relating to be able to add entries and modify other diaries through the login mechanism and a possible page hijack attempt to gain usernames and passwords. I’ll give more details once the extent of the problem is more clear.