I have a form that is only for users in my organization, but many of the responses are made on multi-user devices (i.e. computer lab, library). A user opens the link and is presented with the form, because the previous user data is still cached. I see no way for the form to ask if it's the correct user.
This is a common feature on most services and seems like a security and privacy flaw.