Obvious that goetzc's suggestion wasn't taken seriously.
Please consider making at least the login page & one user's CP - where email & PW are changed. Hackers are getting very clever.
Some people may not've heard... data interception is a big deal. Even if all they do on this forum is get my PW & login, they'll get the email I use.
For reasons like this & others - don't use the same PW on more than one site.
Can't we all just get along? If a computer crashes when no one's around, does it make a sound?