One of the main concerns people have about web applications is security. If I store my documents online, can anyone have access to them without my explicit approval? Can I store personal information securely?
Google Docs promises to protect the privacy and security of your content: "Rest assured that your documents and spreadsheets will remain private unless you publish them to the Web or invite collaborators and/or viewers. Once you're logged in, you can grant access to whomever you'd like. Until then, your documents and spreadsheets are private."
But Ralf Scharnetzki found that things are not that bright. Each image included in a document has its own public address, even if the document is private. What's more, if you delete the document and remove it from "recycle bin", the image is still available.
So Google Docs treats images as independent entities, separate from the documents. In fact, the documents from Google Docs are just HTML files that reference external images. In most word processing file formats, the images are a part of the document and can't be accessed if the document is password-protected.
Ralf raises an interesting problem: "How can we talk about privacy on the Web if we can NEVER be sure that our private content (like mails, draft mails, documents) will be ever finally deleted from any of the services out there today?" Of course deleting a document and all of its backups takes time, but it would be nice to know if it does happen.