If you change the security rights for someone who's currently logged in, he won't notice the change and gain or lose any rights until he logs out or clicks on one of the Reload security links.
Turning security on or off does not affect any users currently logged in until they exit VSys.
VSys stores each user's user ID in the "Soc sec#" field, not normally available in VSys. (The name of this field is for backwards-compatibility purposes, VSys never stores a Social Security Number in this field.)
You can never view a person's password, no matter what your security rights. VSys doesn't store the password - it only stores a "hash" of it, which it uses to verify that the correct password is provided when the user logs in.
If VSys security is not enabled, all users are unrestricted in their actions, including editing security. This is by design. It's important to create your user accounts early in the process and enable security in order to keep your users from accessing features you don't want them to access.
Even if you're logged in as a superuser, opening any of the security management tools will require that you re-authenticate with your password. In addition, even from within the Security Manager, enabling or disabling security requires that you re-authenticate again.