Any subprocess of Bamboo is run under the account of the Bamboo agent. If a user is using the script task, he has the same permissions and can:
a) inspect the folders of other build jobs
b) inspect the environment variables of other build jobs and find sensitive details like passwords or tokens
Is there any way to prevent that?