'Add watchers' within the new issue reveals all the accounts
'Add watchers' within the new issue reveals all the Redmine accounts, not only the project accounts. We consider it as a security issues and we had to remove the link from issue page.
We are using Redmine 2.3.2.stable
Redmine should list only the accounts available to the logged user.