After registering and before confirming a new account, the data is currently stored in the session. When registering, the name is checked against a list of forbidden words and existing users but not against accounts still pending confirmation. This might lead to situations where two prospective users try to register identically named accounts and one of them "wins" out of sequence.
A solution would be to store registration info in the database (like suggested in #2), or to make allowName hookable (a bit tricky since it has a pass-by-reference parameter, which would violate the style guide) and move storing and retrieving settings as well as the confirmation check into their own hookable methods to allow a third party module (thinking LoginRegisterDB) to replace them.
After registering and before confirming a new account, the data is currently stored in the session. When registering, the name is checked against a list of forbidden words and existing users but not against accounts still pending confirmation. This might lead to situations where two prospective users try to register identically named accounts and one of them "wins" out of sequence.
A solution would be to store registration info in the database (like suggested in #2), or to make allowName hookable (a bit tricky since it has a pass-by-reference parameter, which would violate the style guide) and move storing and retrieving settings as well as the confirmation check into their own hookable methods to allow a third party module (thinking LoginRegisterDB) to replace them.