During co-browsing, the client might ask you some questions about security. It will be good to know that password and creditcard fields will be masked automatically and that this can be further customized for other types of information.
In some cases, when a user enters a password while using Surfly, their browser will prompt them to save the password for next time. When control is switched to a follower, and the follower enters the password, both the original leader of the session and the follower who entered the password will get a prompt to save the password in their browser.
For this reason, we don't recommend that in-control followers enter sensitive information. A technical support team should always connect as followers (i.e. through our dashboard queue) and refrain from providing any information that they want to keep private from the user they're assisting.
To prohibit followers from performing specific actions on your website, you could look into implementing control dependent appearance.