This is likely the cause of the multiple authentication popups in Safari.

When a user logs in, they are also supposed to be logged into the REST authentication endpoint, which will cause subsequent REST calls to be made with the same credentials.

Logout is supposed to clear the REST credentials, but it doesn't. If you log in as "foo", hit some REST endpoints (may not be necessary to do that), log out, and log back in as "bar", REST calls will remain authenticated as "foo".