It is sadly a recurent security misfeature, when system due to timeout or other reasons considers user session closed - but lets session data still be available from outside, leaked.
In OMV5 case it is when user was logged out due to timeout.
The flashy red-black box is displayed, but the rest of data is still visible. With little help of DevTools / F12 key it would be even copyable.
Usually there would be nothing of value there, but occasioanlly there may be something important.
Like seeing users list can facilitate user/password pairs bruteforcing.
Seeing list of fails might reveal porn or something else sensitive.
Seeing SMTP settings again might facilitate hijacking OMV box by bruteforcing SMTP/POP server or even by planting fake mail server into the network.
Seeing data form one's old session might look fancy, but has no practical use also. User can not enter password and resume, unpause the session. User would be routed to freash empty screen with nothing but login box.
So, from the security consideration, there is to be an option to totally remove data from WebUI page in case of session timeout. Not beautiful blurring, because it is easy to undo in browser's DevTools, is the session is cancelled - then the WebUI page is to be cleared.