From Slashdot: (emphasis mine):
However, there is no Log-Out button in this Web interface, so most users just close the browser and walk away… not realizing that their iDisk has been cached by the browser and that anyone who wants to can open up the browser, go back to the link in History, and get into their iDisk completely logged in. From here, files can be downloaded and/or deleted. This seems like a minor security flaw via bad interface design […]
I find it hard to believe that anyone could describe this as a minor security flaw.