Whenever you grant people access to information, they can share that information with other people without your consent. That’s not something that is new or unique to Airtable. Just like any other platform, you need to be intentional about who is allowed to access what parts of your data. Airtable, like most software in 2023, is reasonably secure and also provides very little protection against an employee who is willing to risk the consequences of violating the terms of his/her employment (which presumably would include things like sharing sensitive company data). Unfortunately, that too is neither new nor unique to Airtable.

You can use interfaces to allow people to access and update the data they need to do their jobs without allowing them to access the underlying base. That, coupled with the judicious use of forms, can take you a very long way and might even save you money because you may not need as many Creator/Editor/Commenter roles as you have now. You might also benefit from building a portal using MiniExtensions/Softr/Bubble/Pory/Stacker/Webflow/etc.

If you're looking for someone to help you visualize what solutions might work for your individual use case, I would suggest posting something on the Job Board for that.

Yes, if you add someone as an editor to your base, that person can duplicate your base without your knowledge, gaining all of your data and schema in a matter of seconds with a few clicks. In fact, the same is true even if you add the person as a read-only user.

An existing editor can also add another editor to you base and you will be charged for that additional user with no warning. 

If you have an enterprise plan, you can prevent both situations with two simple toggles per this support article. If you do not have enterprise, I described some ways of keeping data private here.