Its not exactly a major security concern since both users have to login correctly for this to work, but it does kinda screw things up. This works best if you currently have some mail in your inbox waiting to be read.
1. login to the new beta webmail with your first plus net user account.
2. open a second browser window and login to the beta webmail with a different plus net user account.
3. go to the first browser window and click Inbox.
4. the first browser window now displays the inbox of the second user account, despite still showing the first user accounts name at the top of the window. It even allows you to send mail from the second account. (It is actually the second users account, but the name is displayed wrong in the title bar).
5. Click refresh in the first browser window, and your taken back to your original first user inbox.
I think theres a slight screw up with cookies going on there. Tested at work under win2k with firefox. Could be webmail problem or possibly how firefox handles cookies and resending POST data.