Mon, Apr 15
Folks, seriously: just fix this. Let the bots break for a day or five. You don't need community consensus. You just need the Will To Do It.
Sun, Apr 14
"Should" and "Does" are two different things, though. The fact that something as basic as "Logout" has this flaw does not inspire me with confidence that other, more important things are not broken.
There's probably a LOT of action urls that should be blacklisted. A trap would be someone creates a link that executes an action that has higher privileges and tricks a sysop into clicking it, etc.
Mar 3 2018
Okay so I'm gonna comment here and I expect Pau will back me up on this but:
Jan 5 2017
I don't think anyone is going to work on this.
Nov 15 2016
I would very much like to have this spam reduced. While my username isn't a common name (like Angela), it is _short_ (4 characters). If I had my druthers, I'd prefer the security question as it is least invasive to the user from a day-to-day operational standpoint.