There need to be more roles to allocate to people, which restrict what they see. For example:
Account owner (can do everything on all accounts)
Global Admin (Admin across all accounts or selected ones)
Admin (account wide)
Team Lead
Project Lead
Team Member
Intern (may only have view access to some tasks, and write or view only should be able to be nominated when allocated to project / task)
Guest (may only have view access to some tasks, and write or view only should be able to be nominated when allocated to project / task)
Also, only people assigned / allocated to a task in a project should be able to see that project.