If you change the security rights for someone who's currently logged in, he won't notice the change and won't gain or lose any rights until he logs out or clicks the Reload security link on the VSys One home screen (under Tools).
Turning security on or off does not affect any users currently logged in until they exit VSys.
VSys stores each user's user ID in the "Soc sec#" field in the "people" table, not normally available in VSys. Despite its name, VSys never stores a Social Security Number in this field: the name of this field is for backwards-compatibility purposes only.
You can never view a person's password, no matter what your security rights. VSys itself doesn't store the password: it only stores a mathematical "hash" of it, which it uses to verify that the correct password is provided when the user logs in.
If VSys Security is not enabled, all users are unrestricted in their actions, including editing security. This is by design. It's important to create your user accounts early in the process and enable security in order to keep your users from accessing features you don't want them to access.
Even if you're logged in as a superuser, opening any of the security management tools will require that you re-authenticate with your password. In addition, even from within the Security manager, enabling or disabling security requires that you re-authenticate again.