I have some more info for you. The NC Smart Guy says the strange things you were seeing were not a breach of security (although it might have looked that way).
The company was using some very aggressing caching techniques that, for a very short time, were serving up some cached pages.

So a page would be requested by, say, "Gretchen", because I was logged in.

This page has "Welcome, Gretchen" as part of the html in the upper left hand corner. When this page was cached, a subsequent request (by another user) would simply not go to our server, but just return this cached page (html). Although it appeared as if you were logged in as someone else, in fact you were not. You could not actually gain access to this other person's information, it was simply cached html markup.

It was a weird uh oh, and we're truly sorry for any concern caused.

Please know that NaturallyCurly takes security very seriously and would never permit a true breach to occur.

Thanks for helping us track this one down!
Gretchen
NaturallyCurly.com co-founder
3A

You are beautiful!