Fix #12361: Private bug visibility leak in my_view/view_all_bug_page
In the My View / View Issues screens, private bugs in public projects
(and probably private projects too) appear to ignore the
private_bug_threshold value of their project unless you select it. When
some projects have tighter security on viewing private bugs than others,
this creates a situation where a user who should not be able to see a
bug can still discover its existence in My View and View Issues. Viewing
it fails with 'access denied', but if the summary had confidential
information in it then the security leak has already happened.

I don't consider giving All Projects the tighter security to be a usable
workaround, because then you can't find bugs in the projects that use
normal security for private bugs, until you select one of them, but then
you can only see the subproject hierarchy you just went into.

Steps to reproduce:
------
On a fresh 1.2.2 install try this:

Create a public project.
In the project, edit thresholds so that you need manager to view private
bugs.
Submit a private bug to that project.

Log in as a different user with global access of developer. View All
Projects.

You can see the bug in MyView / ViewIssues but then when you click on it
you get an Access Denied screen. If you select the bug's project, then
it correctly disappears.
------

Signed-off-by: David Hicks <d@hx.id.au>
Todd Whitesel authored and davidhicks committed Sep 5, 2011
1 parent b08e9c1 commit 94e6810
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/filter_api.php
@@ -1201,8 +1201,8 @@ function filter_get_bug_rows( &$p_page_number, &$p_per_page, &$p_page_count, &$p
// this array is populated with project ids that the current user has full access to.
$t_private_and_public_project_ids = array();

$t_access_required_to_view_private_bugs = config_get( 'private_bug_threshold' );
foreach( $t_project_ids as $t_pid ) {
$t_access_required_to_view_private_bugs = config_get( 'private_bug_threshold', null, null, $t_pid );
if( access_has_project_level( $t_access_required_to_view_private_bugs, $t_pid, $t_user_id ) ) {
$t_private_and_public_project_ids[] = $t_pid;
} else {
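Review bot: the added per-project lookup passes null for the user argument of config_get while the access check on the next line is evaluated for $t_user_id; if private_bug_threshold can be overridden per user, the two calls can resolve different thresholds, so it would be safer to pass the same user, e.g. `$t_access_required_to_view_private_bugs = config_get( 'private_bug_threshold', null, $t_user_id, $t_pid );`. The comment above the loop should also say that the threshold is now resolved per project because projects can override the global value, which is exactly the leak this change closes.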

0 comments on commit 94e6810