The strange thing is:
this user still did not confirm his e-mail-address. When I go into my ACP, then it says for this user:
User state: "awaiting e-mail confirmation"
why and how can a user enter a profile-message onto his profile-page when he even did not confirm his e-mail-address ???
Are you guys sure this should be like it is ?
IMO this is a potential leak for spammers.