There's also the possibility of vandals breaking
(think of insecure passwords, or leaving the login
cookie open on a
public machine...), and I'd prefer that potential damage be
that's a good idea.
Would it be useful to have a single-version delete? ie,
that's another good idea.