Aryeh Gregor <Simetrical+wikilist <at> gmail.com> writes:
I don't think so. I think it's completely reasonable, when talking about Wikipedia. Hackers go after money, and there's no money in hacking Wikipedia. We have nothing secret or valuable that's not already readily available. We have no black-market competitors who want to try disrupting our service. Any malicious action could be easily reversed. The worst we have to worry about is someone with a grudge trying to frame someone else, which has happened, but it's hardly a pressing concern.
That is true for regular accounts, but with administrator access you can run malicious javascript on a large number of machines or track the visitors of a certain article. A totalitarian government going after checkuser access is not an unimaginable scenario either.
That said, the two things that would make the most difference (and are also much easier to implement) are SSL and password strength requirements. There is no point in fancy stuff like SMS or asymmetric cyphers which would be much more disruptive, a lot harder to introduce, and would have less effect.
When few enough people want a preference that more people are likely to turn it on by mistake than deliberately, and when there's significant harm or confusion from turning it on by mistake, that's a sign that it's a bad preference. (See also: "Use external editor".)
Not to disagree with your general point, but that specific problem would be easy to handle by throwing a dialog with big red exclamation marks saying "WARNING! Arey you REALLY sure you know what you are doing?" when one is about to turn on such a feature. (Or only showing the controls when the user selects "expert mode".)