If we're going to be giving "sysop" status fairly liberally
(and I don't disagree with that as a policy), you might consider
still making at least one concession to database security:
currently, anyone with sysop access can query the database and see
users' passwords in plaintext. People tend to use the same
password for several things--so it wouldn't surprize me at all if
I were able to log onto Magnus's email account or something.
It shouldn't be too much work to use some minimal encryption there.
--
Lee Daniel Crocker <lee(a)piclab.com> <http://www.piclab.com/lee/>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC