Currently a user can alter the ViewID in the URL to gain access to views that they should not have access to. This can become a security flaw if the view has confidential information on it such as a network map background image.
Historically there have been many posts requesting that this be resolved.
I realize this isn't NPM specific but more a request for Orion Core but I didn't have a better place to put this request.
