The real problem occurs when a website uses a self-signed certificate. Internet Explorer and Safari browsers will store the certificates in the Microsoft certificate vault. In this event, the browser session can be viewed regardless of whether the privacy mode is being used.
Internet Explorer has recently been exposed to some negative press regarding the way SMB initiates requests in privacy mode with a remote server. However, closer examination of this ‘potential’ flaw reveals it actually isn’t a problem because port 445 is usually blocked by most ISPs. Final thoughts: using a browser you should also be aware of the security threat posed by ‘browser add-ons’, especially in privacy mode. Some (not all) of these browser add-ons retain your private mode session data. My suggestion is use a sandbox or virtual browser instead!
Windows 7 TIP: You can use Credential Manager to manage and store credentials, such as user names and passwords that you use to log on to websites or other computers on a network.