Due to the potential for change in the valid user roles for any user, and the potential for change in the security permissions of any field, there is no direct connection between the setup of an interest list and the users who may belong to that interest list. For example, it may be that a user belongs to interest list on a field named any_field. A specific user may not have permission with their current role to see this field, but they may be on an interest list that contains a reference to any_field.
The key point is that although a notification to the user may be generated when the value of any_field changes, the user will never see the field or its contents without permission to the security permission key.
Also, remember that there is a behavior setting named EMAIL_NOTIFY_USERS_ALWAYS that can be set to suppress notification to any user, if no field that is visible to them changes upon the update of an issue.
