Before this gets out of hand I wanted to explain the issue and explain why there is no reason to question the security of Google Docs. The feature explained is intentional and required for Google Docs to be fully collaborative but there is a minor problem.
There have been a few reports recently on the Google Docs Help Forum that unrecognized collaborators are appearing on Google Docs with sharing settings set as Private. Additionally, this Doc has been shared explicitly with other Google Docs accounts or email addresses not connected to a Google account. Users are worried that since unrecognized collaborators are appearing on Private Docs, their security is severely undermined.
Note: This only happens with Private Docs that have been shared at any time. This will not happen with Private Docs that have never been shared.
Understanding a few terms for Google Docs will help understand the intricacies of the issue and hopefully understand why Google Docs is still safe and the proper steps to take to insure complete understanding of security.
Sharing Settings - Umbrella term to define how permissions are doled out (this include Private, Anyone with the link, etc.)
Editing Permissions - Permission to Edit a Doc
Visibility Permissions - Permission to assign who can access the Doc
Google Account - an account that can access and create Google Docs (this can include a gmail account, a Google apps account, or an account under another domain that is used as the username to access Google Docs. Ex. I have firstname.lastname@example.org as my Google Docs account and I sign in at docs.google.com with the username email@example.com and my password that I set up for Google Docs that does not have to match my password for my hotmail email address)
Non-Google Account - an email address that has never accessed Google Docs or would not be recognized when trying to log into Google Docs via docs.google.com or another Google Apps domain (this could also be firstname.lastname@example.org but only if I've never accessed Google Docs or tried to sign up with Google Docs using this name)
When you create a Google Doc the default Sharing Settings are "Private", the default Editing Permissions include only the owner (you) and the default Visibility Permissions are "Editors are allowed to add people and change permissions." This means that when you share this Doc with someone as an Editor, this person can share it with anybody.
One way to do this that might seem wrong is when a Doc is shared with someone who uses a Non-Google Account. This will show up in the Sharing menu with the email address and three little dots above a line that looks like either three people in a group or a crown of some sort. If you choose to send a notification to this person, the notification include a link to the Doc as an invitation. This is a blanket invitation that is generated that will allow a Non-Google Account to access the Doc. Let us say that this person decides not to access the Doc but forward it on to their friend who has a Google Account. The email is forwarded and the invitation is unaltered. Therefore, the Google Account user can click on the invitation and access the Doc. This user seemingly accessed the Private Doc without the permission of the owner. But remember, this permission was not needed because Visibility Permissions are set so that editors can invite anyone! In this case, the Non-Google Account was invited as an editor and chose to allow the Doc to be accessed by someone else. This is no different from an editor with a Google Account that was explicitly defined by the owner, sharing the Doc with another Google Account holder.
Why this isn't an issue
The explanation above shows no violation of security based on the default settings assigned to the Doc. To keep this from happening the owner must change Visibility Settings to allow only the owner to choose who has access to the Doc. This is done at the bottom of the Share menu circled below.
|Choose "Change" to change Visibility Settings|
|Choose "Only the owner can change the permissions"|
Why this is a problem
Currently, when an owner chooses to share a Doc to a non-Google Account email address regardless of the visibility settings the notification email sent to the non-Google Account can be forwarded and access by anyone who clicks on the notification link. This is a violation because the owner is not explicitly defining the user who received the invitation via the forwarded message. This violates the visibility setting where the owner has control over who can allow access to the Doc.
As the owner of a Google Doc you have
complete control over who has access to the Doc owned by you. The only way One way around this is the paragraph explanation above or if someone makes a copy or takes a screen shot of your Doc. You are then no longer technically the owner of any new Doc and the new owner can do as they please. This is no different from someone making a photo-copy of a piece of paper or making a copy of a file and attaching it to an email to someone else.
I hope this helps clear up confusion but most importantly puts you at ease that your Google Docs are indeed safe if you make them!