What you can’t do with Gmail and Document Services now available in Apps Script

Google recently announce Gmail and Document Services now available in Apps Script, which wasn’t a huge surprise as they had already announced it at the Google I/O and I had picked up on it in Automating your inbox with Google Apps Script.
So when asked if I could create a gadget to sit in a Google Sites being used as an Intranet I immediately thought all the building blocks were there and happily threw together a prototype in a couple of hours (the reason we went down this route is the various existing mail notification gadgets didn’t work with mail on the Apps domain).
And here’s the kicker. To embed this in a Site you need to publish your app as a service which means by doing so, you are allowing users who access the URL shown below to run the script AS YOU’ (capitals are theirs). This means that despite knowing the ID of the user viewing the page all they will ever see is my inbox!? So if I ever want to do some interesting stuff with my inbox or documents that’s fine, if I ever want to roll something out for everyone on my Apps domain forget it.
