When connecting to MAC (from Windows machine) with the third user credential (username and password) I got the screen of the session of the first or the second user sessions already running on MAC. The password of the third user had to be correct. With an erroneous password the connection was not completed.
With 2 running sessions on MAC the connection of the third brought the screen of the second MAC user that was open in background.
Closing the second user session, so only the first user session was running in foreground, repeating the connection with the third user credentials brought the first user active session to the viewing windows machine. In both cases the third user, using its own personal credentials could see the other sessions on windows nx client viewing machine.
The problem is that a user could see the session of another user without the credential of that session. I do not know if the security issue is caused by Apple Fast User Switching mechanism or by NX server authentication.