Doing some routine testing of things last night we realised that it's quite possible to comment on a wordpress blog as another person - all you need is their username and email address combination, much easier to guess than username and password when so many people use the same as the prefix on their gmail accounts.
Not being one to try to masquerade as others I hadn't noticed before, but the implications are not great - if you get the combination you could leave all sorts of nasty or unhelpful comments on people's blogs.
Has anyone else noticed this? It's obviously standard behaviour. Why isn't anyone bothered by this? Is there anything that can be done?