Hi Zodiac, I left you a private message on bitvest but I realize you get tons of messages so perhaps this is the best route.
Recently while signed in on my laptop I also signed in on my mobile device. Then I proceeded to change my password from my mobile device. Out of curiosity I decided to try playing what funds I had left on the signed in laptop- I thought it would prompt me to sign in again since I had changed the password just minutes ago on a separate device. It did not ask for me to sign in again.
I continued playing and even sent a tip out, from the laptop even though my mobile had successfully changed the password. In certain circumstances this could have been a devastating blow. For example if my account was hacked , and the hacker was spending my btc... normally changing a password would kick off the would-be hacker but for some reason, in this circumstance the account was still able to continue spending.
This seems like a security flaw and hopefully it can be addressed.
Otherwise, I still love to play at bitvest.
Lorilikes
I have made password changes kick out all active sessions in all cases now. I have also made it auto-set tipping to disabled for additional security.