when the users add an additional user to their blog site using the Add User option, that additional user is able to login to that blog and also to the main blog...
please look into this security issue...
login URL of the main blog:
login URL of the user blog for which an additional user was added:
user id of the additional user: