Redmine

A user may only read/edit the projects he/she is a member of.

Using the account/show page however, any unprivileged user can read a list of all project names. All project details
are kept confidential but project names may also be regarded as confidential data.

For better confidentiality, it would much better to display a restriced list of other users' projects or not to display
them at all.

see the following thread for details:

http://rubyforge.org/forum/forum.php?thread_id=15166&forum_id=7505