User can use old rights even if deleted from account list

After I removed my test user (with role: User) from the account list, I tried to use a public pad as an external, non-registered user. IE9 still logs me in with the credentials of the deleted user, and then comes the interesting part: logged in as such, I can still edit the pad and see the pad list, as if no changes had happened on the admin page.
Is there something extra I need to do to make sure the changes on the admin page are taking effect?

JanKlostermann, 18.12.2012, 09:05
Idea status: completed

Comments

markfisher, 15.01.2013, 00:55
Thanks for your feedback

We have resolved this issue; when you remove a user, they will not continue to have access to the pro account.
JanKlostermann, 15.01.2013, 09:38
I have the impression that something does not fully fit yet.
I just tried to open the page http://.primarypad.com/admin/listpads/ with IE9. I was then asked to log in, which I did with a user that has only contributor rights. Thus this user should not be able to see the list of pads, according to the explanation on the admin page.
OK, normally he does not have a link to the listpad page, but if he knows PrimaryPad, nothing is easier than guessing the URL of this page, going straight there and seeing everything. This makes the concept of restricted rights useless to me.

I see the same difficulty with the distribution of the plain text link to a contributor. If you give meaningful names to the pads that follow a certain logic, which I find highly recommendable if you have more than just a few, then sending a plain text link to a contributor makes it very easy for him to guess the other pads' names and open/edit them. Again, this makes the concept of the contributor (who can only see and edit the pad I invite him to) obsolete. An easy solution here could be a scrambled URL that you can give out (existing in addition to the plain text URL), as you already provide for the public pads.
I do not find the option of using a password-protected public pad for this use case very appealing, as all users with full rights will then have to enter the password as well.

Thanks a lot for your efforts.
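One way a server can enforce both points raised in this thread (sessions revoked as soon as an account is removed, and admin routes checked against the account's current role on every request instead of relying on the link being hidden), as an added example that is not PrimaryPad's code: the route name, the role names and the user names are assumptions.

```python
import secrets

ADMIN_ONLY_ROUTES = {"/admin/listpads/"}   # assumed admin-only route (example, not PrimaryPad's code)

class AuthServer:
    def __init__(self):
        self.accounts = {}   # username -> role: "admin", "user" or "contributor"
        self.sessions = {}   # session token -> username

    def add_user(self, username, role):
        self.accounts[username] = role

    def login(self, username):
        """Issue an unguessable session token for an existing account."""
        if username not in self.accounts:
            raise PermissionError("unknown account")
        token = secrets.token_urlsafe(16)
        self.sessions[token] = username
        return token

    def delete_user(self, username):
        """Remove the account and revoke all of its sessions. Skipping the
        revocation is what lets an old browser cookie keep working."""
        self.accounts.pop(username, None)
        self.sessions = {t: u for t, u in self.sessions.items() if u != username}

    def authorize(self, token, route):
        """Server-side, per-request check against the account's current role.
        Not linking to an admin page is no control; the check must live here."""
        username = self.sessions.get(token)
        if username is None or username not in self.accounts:
            return False                    # no session, or account deleted
        if route in ADMIN_ONLY_ROUTES:
            return self.accounts[username] == "admin"
        return True                         # ordinary pad access


def demo():
    """Replay the two scenarios from the thread; returns the access decisions."""
    srv = AuthServer()
    for name, role in [("alice", "admin"), ("testuser", "user"), ("bob", "contributor")]:
        srv.add_user(name, role)
    tokens = {name: srv.login(name) for name in ("alice", "testuser", "bob")}
    before = srv.authorize(tokens["testuser"], "/pad/some-pad")
    srv.delete_user("testuser")            # admin removes the test user
    return {
        "deleted_user_before": before,
        "deleted_user_after": srv.authorize(tokens["testuser"], "/pad/some-pad"),
        "contributor_listpads": srv.authorize(tokens["bob"], "/admin/listpads/"),
        "admin_listpads": srv.authorize(tokens["alice"], "/admin/listpads/"),
    }
```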