Sorry if these keep popping up under my login. I'm only attempting to stress test known security vulns via XSS and simple URL hacks. Only one thing I found that you may want to look into is the ability of users to modify other's settings. The site gave me access to one but hasn't since. Rest assured, no changes were made.