I freaked out, watched for 3-4 seconds, and then got kicked out of the session.
I opened a ticket with support, and they got back to me saying they had "fixed the root cause".
I still use browserstack, but I'm really careful with passing along private credentials.
Also the VMs aren't locked down as tightly as they ought to be, last time I poked around in the Windows ones there were a few folders left writeable that shouldn't have been, ones with executables and scripts in used to control it.
That said, their service is so very useful that I continued using them anyway. My use case is just to occasionally check some public-facing websites are rendering properly on various browsers, so no big deal if someone snoops on that.
I raised the issue with them back in July 2013, but was initially brushed off. A couple more aggressive emails and they finally responded after 2 weeks saying the issue had been solved.
Haven't had problems since, but still wary..
It's just as probable that I connected in while the users were idling.
Pity I wasn't fast on a screen capture!