When creating a new project, the UX regarding the privacy/security settings is totally broken: Although the first screen says that the new project will only be accessible to people that are directly invited, this is demonstrably not true. Because if you call up the “Share” screen after having created the project, it shows that by default, all team members have access, too:
Why is this a problem? Users create a project in good confidence that they really control who has access - but in reality, they do not.
I would bet that most users are not aware of this “feature”, since the documentation https://help.figma.com/hc/en-us/articles/360038006494-Create-a-new-project is not really pointing this specific topic out in much detail.
Somehow it seems that the DEV team at Figma does not see this as a problem, since I reported that problem more than 2 month ago. Maybe a discussion here will raise more awareness for this.
Kind regards
Peter