Multiple OnDemand instances may share the same consumer key. This results in problems wherever add-on code assumes the consumer keys uniquely identify a tenant. One example is at registration time in ac-play, the consequence of which is that a tenant can effectively unregister another tenant (the code looks up the row by consumer key and, if it exists, updates the baseurl and public key, overwriting any existing data).
This has happened to at least 2 instances so far in Who's Looking. For example, here is a database row from table ac_host from a backup taken a few days ago:
And here is that same row today:
Some hosts seem to use their domain name as their consumer key, which mitigates the problem. I don't know why some hosts use jira:xyz and others use their domain name.