If you're taking security more serious, why are you still sending out new passwords through unencrypted, regular email when doing a password reset? Besides that your own MTA seems to add ***SPAM*** to the subject line of the Welcome to the forum email. This does not look like a properly run operatio...