To write that it’s “impossible” to obtain another user’s information seems unlikely. But perhaps you’d like to elaborate.
At least in the case of nderground, user credentials are presented along with a data retrieval request. If the user doesn’t have permisson to see the data, the request will return nothing.
Unfortunately it is not “impossible” that a user could see data that they should not have access to. I’ve gone to a lot of trouble to avoid this and the entire architecture of nderground is designed to control access to data.
Unfortunately, is not “impossible” that someone could see data they should not. There could always be a software bug in existence or a bug that is introduced in the future. Test suites can help avoid this, but to write that unauthorized data access is “impossible” seems akin to writing “no one can hack our system”. Naive, at best.