09.02.2015 17:15
After configuring our website so that the direct download of CSV and Excel files is prohibited (as there are some CSVs on our server that are used for output but should not be downloadable), I noticed that the download of the CSV in JoomShopping didn't work any more.

The reason is that the export extension - we even paid about 20 € for that - just puts CSV files onto the server instead of creating and serving the CSVs on the fly.

That means that the CSVs can be downloaded without password protection, unless you re-configure your web server. So if you find out that JoomShopping is being used on a website, you can try if this CSV extension is installed and use the download links and get all data of the orders that are in the CSV. And that's a really bad software design!

Please change it asap!

P.S.: I am German, but I wrote in English, as there are also non-German-speaking users in this forum.

Joomla: 2.5.20
JoomShopping: 3.6.1
PHP: 5.2
MySQL: 5.1.73
09.02.2015 20:33
Upload .htaccess to your folder

Deny from all



AuthName "Private zone"
AuthType Basic
AuthUserFile /{full path}/.htpasswd
require valid-user

You need to create .htpasswd and upload it to your server.
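
An added example, not part of the original posts and not JoomShopping code: a small audit script that walks a web root and lists CSV/Excel files in folders that no `.htaccess` between the folder and the web root protects with `Deny from all`, `Require all denied` or `Require valid-user`. It is a heuristic that assumes Apache honours `.htaccess` (AllowOverride) and ignores `<Files>` scoping; the folder names and sample data are constructed.

```python
import os
import re
import tempfile

EXPORT_EXT = (".csv", ".xls", ".xlsx")
# Directives that block or password-protect access (Apache 2.2 and 2.4 syntax).
# Anchored at line start so commented-out directives do not count.
PROTECT = re.compile(
    r"^\s*(deny\s+from\s+all|require\s+all\s+denied|require\s+valid-user)\b",
    re.I | re.M,
)


def is_protected(directory, web_root):
    """Look for a protecting .htaccess from directory up to web_root."""
    directory = os.path.abspath(directory)
    web_root = os.path.abspath(web_root)
    while True:
        htaccess = os.path.join(directory, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if PROTECT.search(fh.read()):
                    return True
        parent = os.path.dirname(directory)
        if directory == web_root or parent == directory:
            return False
        directory = parent


def find_exposed_exports(web_root):
    """Return export files (relative paths) served without protection."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower().endswith(EXPORT_EXT) and not is_protected(dirpath, web_root):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), web_root))
    return sorted(exposed)


def demo():
    """Constructed tree: one open export folder, one with 'Deny from all'."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("export_open", "export_locked"):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "orders.csv"), "w") as fh:
                fh.write("order_id;email\n1;a@example.com\n")
        with open(os.path.join(root, "export_locked", ".htaccess"), "w") as fh:
            fh.write("Deny from all\n")
        return find_exposed_exports(root)
```

Run `find_exposed_exports()` against your own document root after adding the `.htaccess`; an empty list means every export file sits under a matching rule.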


