Love the product and the options that it provides.
Have one small issues I'd like to request a fix for:
If you use some of the API options for remotely backing things up then you have to install an API access token - that token should never be revealed to others and yet in a shared admin situation that token in plainly visible.
There is no need for that at all - once it is installed it should be treated like any other password and be behind a one-way mirror so to speak.
Can we do that for the services that require an API access token?
Can we at least secure the access to the keys so only the person that puts them in can view them under a single account?