Hi there.
I wish to report a very big loophole I found in Google's security.
It involves using Chrome remote desktop, and also applied to cloud print (and maybe some other Google products).

Here's what I've been able to do:

Use someone's computer for a few minutes, (can be in a lounge, Library, someone's office Etc), I then log into Chrome (add person, then log-in). Then go to the persons Chrome remote desktop app, press disable (if he had it enabled already), then I press enable, thus putting the computer under MY account's Authority.
I can then click to remove my profile from that person's computer, leaving no trace that I ever even logged in. 
and here's the massive loophole: my account is still the owner over that person's Chrome remote desktop app. Yes, even after I logged out and remove myself from chrome!
So I can still access the computer whenever I want (as long as he doesn't disable connections it and then re-enable it under his account).
This same bug, also applies to Google Cloud Print, that whichever account is the one to add the printer, stays the owner, even when logged out!