Speaking of security holes.
1. Person A logs into Workbench.
2. Person A opens Max FSTL.
3. Person A closes Max FSTL.
4. Person A logs out of Workbench.
5. Note subtle distinction in bolded parts of 3 and 4.
6. Person B logs into Workbench.
7. Person B clicks Max FSTL.
8. Max FSTL opens as Person A.
This works best when Person A is an ETL, Senior TL, or someone in HR. You get to see Timesheet stuff, check who made post-publish schedule edits, etc.
It's been several months since I've tried it though, so I have no idea if it still works. I've found a couple of other ones, but I can't remember them at the moment. A fellow TL has found all kinds of bugs and holes in the PDAs and Workbench. One cool one was when viewing the inventory tracking thingy; the one where you can look up items to see their cost, retail price, etc. There was something funky he could do to have group leader level access, allowing access to all kinds of things no one lower in the chain could ever hope of doing or even seeing. He was also able to do some really crazy things with the PDA, but a few months back it looks like some updates hit and closed one of the major avenues of killing the Target app to achieve access to the underlying Windows system.