Using v1.5.7c on my site and a customer was logged into their account and then was viewing a product.
They wanted to share that info with a friend and copied the URL and pasted into an email to the friend.
The friend pulled the link up on their computer and since the original account owner was still logged in on his computer the site let his friend see all his account info just as if he has logged in with email/password credentials.
I was able to recreate this. Is there something in the site that can be configured so that a even though another person has the zenid= in the link it doesn't consider them an account owner and log them in?
Bookmarks