I'm reviewing a web based blogging service. Currently on sign up, the
user has to enter a username, a display name and an email address. I
suggest that that username be replaced by the user's email address.
(from any email, say yahoo, gmail, hotmail, rediffmail, etc)
How would this impact the security of the product?