Our website is a consumer association with paying members, and we also have an open newsletter for the general public.
We sent out a monthly newsletter to our paying members containing internal information that is not for the general audience.
Due to the nature of how the “Online-Version” of your plugin works, people with a basic knowledge of URL parameters and structure can easily guess the “Online-Version” of our internal newsletters and access the private, internal content with no restrictions or security.
This is actually not a futuristic scenario, but a bad case we now have to deal with.
It would be fantastic if, for every newsletter created, some additional parameters would change, not only the ID. Or, if we would have the possibility to disable the “Online Version” feature on a NL-by-NL basis or completely for all newsletters sent out.