On the log in page I clicked Create New and entered my email address but the password box was unavailable. I changed the radio button back to existing account and the password box became available. So, I entered my password and then changed it to Create New and it accepted both the username and the password.
I saw a login with username and password box. Between them were two radio buttons. One said Create New Acct (or similar) the other said "Existing Account" (or similar). It seemed obvious that I could put in a username and password and click "Create New Acct" to register. But when the "Create New Acct" radio button was checked I could enter a username but not a password.
By clicking "Existing Acct" I could fill in both a username AND a password -- and then click Create New Acct and when submitted that registered my new acct.
It seems, that "Create New Acct" should either take me to a dedicated registration screen, OR it should let me pick a username and a password to begin the registration process.
Maybe, it shouldn't have worked at all -- but it worked in a totally unexpected way.
The intended behavior is that you enter a username, check the "Create New Account" radio button, and then click Sign Up without entering a password. You'll then be taken to a new registration page:
It seems like you've found a hole whereby you can create a new account directly from the login form by doing some trickery with the radio buttons and password field. In other words, it should not have registered a new account for you.
I would actually classify this as a semi-serious security hole that needs to be fixed ASAP, as it allows anyone to register accounts without any email address entered, DOB, or any sort of anti-spam measures.
I don't think it could either, but that's what it sounds like from the OP's description, although I could have misinterpreted. At the very least I would test it out.
EDIT: I can confirm, I just tested this (tried to create a new account), and it does not work as the OP described. It just brings me to the new registration page as expected. So, doesn't look like there's a bug at all.