Okay, this should be a no-brainer, but just because Gmail offers RSS feeds doesn’t mean you should offer them to the public.
A number of people have done just that, sending their Gmail off to Feedburner and then subscribing in Bloglines, which puts it in the public directory (unless you actually thought to make it private). Among the apparent victims: Andy Rutledge, who likes Bear Grams when he isn’t redesigning company homepages.
I’ve already found out Naveen Joshi’s username (and missed his password by an ellipsis), know that Joe is getting messages from his personal trainer, Joe Grossberg invited himself to Gmail (for multiple accounts, I presume), and that there are nine companies that will refinance. Does Bloglines need to protect these users from themselves, or is it your fault when you make a feed of your email public?
Martin Belam discovered this snafu, and has a lot more to say on it. He also found one guy’s termination letter (ouch!). Maybe someone should email all these people and let them know what happened?
(via Danny Sullivan)