Comment 1 for bug 1824442

So I can better understand the risks implicated in this report, can you explain the circumstances under which someone might create a "non-privileged project user" and which parts of the "share networks API" output are sensitive? Also what might such a user be able to do once obtaining this data?