Yes, I second Draicone, it should require an opt-in process of some description.
Any system like this should require opt-in. It isn't hard to code, and it avoids legal issues. Just require the user to make a dummy edit to their user page while logged in with a specific, self-explanatory edit summary, and check for it with the API, then maintain a database of verified users. Heck, we could even do this in a toolserver-wide process, with one opt-in system for all tools, and a centralised system with an API for checking if a user is verified.
Toolserver-l mailing list