I have a user which signed-up today and also posted a "profile message" onto his own profile and also entered his "locaton" and his "occupation". The strange thing is: this user still did not confirm his e-mail-address. When I go into my ACP, then it says for this user: User state: "awaiting e-mail confirmation" Question: why and how can a user enter a profile-message onto his profile-page when he even did not confirm his e-mail-address ??? Are you guys sure this should be like it is ? IMO this is a potential leak for spammers.