[deepakjc]

Wow, 3 separate mentions on HN is pretty high (and those were the ones you were able to find). This must have been reported dozens of times to Google.

That said, if (a) this is only occurring with the 2 conditions you mentioned and (b) if Google Drive integrations are only allowed with vetted partners, then I suppose this is less exploitable. Someone would have to intentionally put the link into a 3rd party application that had some people who shouldn't have access.

Though it still be a problem I think, privacy is important even internally. Sometimes access needs to be revoked, or people are unaware of all the people who have access to a channel etc.