This is all in the self_auth paper. It does not create a file but a pointer to potential files. When you change credentials then a new pointer is create and old one deleted. So all trace is gone when new data is on line. Your old data is not gone unless you have the new data. So there is an implicit read after write check before old account is gone.