Hi. I am a member of an organization. I can switch from my personal account to the organization account and install actors there, when they are ready for production. The source code comes from my private Git repository.

I have two questions, regarding security:

1. Can the organization owner/admin also switch into my account and see my actors, runs, storage and personal API token just like I can do with that account?

1. Can they download the source code from the private repo?

This was available to link when the actor was built the first time, but I've removed the link so the repo is not visible from Apify.
And when I try to pull the code locally ('apify pull'), the operation fails.
However, it's still possible to do a 'clean build' and Apify is still able to clone the repo.
That looks fantastic, but I need to confirm if the source code is protected or maybe I'm forgetting something.

Thanks.