Upgraded from Beta 4 -> RC2 last weekend. At the same time, changed configuration for caching and turned block cache off -> on. Today opened front page, noticed that the login block was missing and instead displayed the user name of previously logged-on user. Was unable to access user's account data, i.e. the session context wasn't leaked, only the output from the login box.
Tried to reproduce the problem on a separate fresh install of RC2. (Created one account in addition to admin, turned block cache on and attempted to logon/logoff with the second account and monitoring behaviour for anonymous user.) Wasn't able to reproduce the behaviour on the second box.
Continued investigating the block cache issue: Turned block caching back on. Logged on to the site, and noticed that the "User login" block was not in sync with my session, i.e. was still displaying the form requesting me to log in.
Any suggestions on how to debug this? I'm not familiar with core enough to locate the problem by myself. The site in question is live and public, so anybody interested can contact me for a "remotely assisted" debugging session of some sort (I'd be watching and reporting the variables from Drupal according to suggestions.)
Could be a security risk, i.e. reveal user-sensitive data. Not sure if priority "critical" is appropriate for the issue.