It is good to know that password and creditcard fields from each tab will only be visible to their respective Tab Owners but will be masked automatically from other Participants and that this can be further customized for other types of information.
In some cases, when a user enters a password while using Surfly, their browser will prompt them to save the password for next time. When control of a particular tab is allowed to a Host, and the Host enters the password, both the Tab Owner of the active tab and the Host who entered the password will get a prompt to save the password in their own browser.
For this reason, we don't recommend that in-control Hosts enter sensitive information into tabs owned by others. A technical support team connecting as Participants (i.e. through our dashboard queue or using 4 digit pin) should refrain from entering any private information into the tab of the user they're assisting.
To prohibit Participants from performing specific actions on your website, you could look into implementing control dependent appearance.