I'm still pursuing the huge privacy hole in Gmail -- that it never times out. I re-submitted the query to the Help center:
Gmail never times out. If I log into a Gmail account from a public terminal (or my boss' office) and fail to log out, my session remains active forever. Someone else could read my mail forever, just by leaving the browser open.
If I log into another computer, my first session stays logged in. These are serious omissions. Competitive Webmail clients, such as Yahoo and USA.net, provide timeouts and multiple session detection. Why doesn't Gmail?