The current "email changed password" sucks. Anybody can change the password of any user. This should really be a 2 step process. 1) person cannot login to cpanel and clicks "change password". 2) email sent to user with url to click if they really want to change password. They click and the changed password is emailed. The url could contain a crypt hash of their email address to allow verification without extra database storage. The salt would be changeable on a server to server basis (under tweak settings). The salt would be cut off the emailed hash. Advantages: * Email can only be changed by user. * If user email address is incorrect the password is not changed.