Currently, the export data tool exports all secrets, even if the user is not the owner of a specific secret.
Example: An organisation shares one or many secrets with a user. Currently, if this user runs “tools => export secrets”, Bitwarden will export all his personal secrets, as well as all non-owned secrets shared by the organisation.
This is not good from a security perspective, as it makes it very easy for a user to grab all passwords from an organisation and store them in some place.
Furthermore, it is also not good from a practical perspective, because this user cannot export only his private secrets without the org's password.