I have found a major security hole in the switch user option when using screen sharing. At least, on my Mac. When I screen share my Mac Pro from my MBP, with the screen saver enabled & locked, and select 'change user' it immediately logs me into the active account, without requesting a password. This is totally bizarre, i haven't tried it on other machines but I can repeat it every time. Can anyone else replicate it? Running 10.6.8 on MBP 10.7.2 on flawed Mac Pro.