There is security hole in such URL http://creator.zoho.com/kunjichen/test1/#Form:test4?recLinkID=216507000000428104&viewLinkName=test4view_added_by_me

There is security hole in such URL http://creator.zoho.com/kunjichen/test1/#Form:test4?recLinkID=216507000000428104&viewLinkName=test4view_added_by_me

This kind of URL is very useful for me. However there are security hole in it:
http://creator.zoho.com/kunjichen/test1/#Form:test4?recLinkID=216507000000428104&viewLinkName=test4view_added_by_me

Th filter of View "test4view_added_by_me" is:
Added_User == zoho.loginuser

Currently there are two rows in View "test4 view". One is added by user "kunjichen", the other is added by user "chenkunji". See below:
http://creator.zoho.com/kunjichen/test1/#View:test4_view

name   Added_User   ID
b         chenkunji         216507000000428104
a         kunjichen         216507000000428068

Row "216507000000428104" is added by "chenkunji", so this row should not be accessed by user "kunjichen" in View "test4view_added_by_me". But now, it can be accessed:
http://creator.zoho.com/kunjichen/test1/#Form:test4?recLinkID=216507000000428104&viewLinkName=test4view_added_by_me

 

Notes:
The "Sharing" of this application is:
Form: test4: public
View:  test4view:private
View:  test4view_added_by_me: chenkunji, kunjichen