I attempted to log in with my username and password from the real site and got the message "There is no user by the name "PierreAbbat".". A username/password check should not reveal whether it is the username or the password that is wrong.
I'm not sure that really applies here, where anyone can get a complete user list anytime anyway (of course it doesn't have any real information like email addresses or anything).
Is there any real security reason to hide our user list?0