I think you were seeing things, I haven't seen this in either 1.7 or 1.8.
The owner of the content can set the level, and can edit it, but everyone else can either see the content if they have access or they can't if they don't.
If you want to add it, you may get lucky if you can find a view to extend that covers the majority of possibilities. I don't know off hand what view would be best, and it probably depends a lot on your theme.
It's an Elgg 1.8 feature. Access level is appended to entity header menu, e.g. in blogs.
The admin is not required to enter the other user's password to change it. Users that want to change their own password are required to enter their current password as a security precaution.
Please open a ticket at our bug tracker for your side note. I agree that turning on https for login should also turn it on for changing settings.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.