Google plays down security concerns over Docs

28.03.2009

The second observation Barkah made concerned the ability of someone with whom a document is shared to view all versions of any diagram contained in it by modifying the image's URL.

In his response, Rochelle points out that allowing collaborators to view a document's revision history is a Docs feature, and that the only people who could see past revisions of a drawing are those who have been given access to the document.

"We may consider explicitly preventing viewers from accessing drawing revisions," Rochelle wrote. "For now, if document owners decide they don't want viewers to have access to their revisions, they can simply make a new copy of the document -- from the File menu -- and share that new version. The revision history of both the document and all embedded drawings is removed in copies of documents."

Barkah withheld the details of his final concern from his report to give Google time to troubleshoot it, but said that, in some cases, it allowed contributors whose access to a document had been removed to get back into it without the owner's knowledge and permission.

Rochelle explained that the scenario involves the use of a Docs feature that allows invitations to access documents to be forwarded to more than one person. Google added this feature in response to requests from users who wanted to forward invitations and share documents with e-mail lists.