Plex Home automatically authenticates last user when there is no internet
I recently purchased a Plex Pass and this problem is related to the Plex Pass Home functionality. However I didn't post in the Plex Pass section as it is also related to the Samsung Smart TV app.
I set up a home with my account protected by a PIN and the guest account for more restricted access to anyone else. I disabled the "Auto login last user and skip pincode" option, since otherwise : why put a PIN code in the first place ?
Everything works fine but I discovered after an internet outage that this option is ineffective when there is no internet : the Plex app automatically logs in with the last account (in my case : my account or the guest account, depending on which was the last used) as "offline", without asking for any PIN, and giving the user the same permissions as if he was indeed the owner of the account.
In short : if I was the last person who used the app, anybody in my house can unplug the modem to trigger an internet outage and then get access to all my local servers (even those he wasn't supposed to access), mess with my files since I have enabled the "Allow media deletion" option, and mess with my "watched / unwatched" status.
Obviously I trust the people in my house : I locked my account only to ensure that nobody watches something under my account if I'm not watching with, therefore corrupting my "watched / unwatched" status. But this still looks like a security issue to me. Is this a bug ?