You happen to be on level re: data leakage and this should be an important consideration for anyone rolling their own authentication/authorization scheme. +1 for mentioning OWASP. Early hackers had been thinking about how they might examine, make improvements to, and take a look at the bounds of present courses. http://pigpgs.com
