Comment 5 for bug 1629711

Janie Richling (jrichli) wrote :

After talking with some people at work, and talking more with Clay and learning more about "account_autocreate" and "allow_account_management" in general, I no longer think this setting could be considered a security layer. If we did change to require the setting, then some deployments would have to add that - when they might not mind the change in behavior. And most likely if you specifically cared not to autocreate, then you'd prob have it set. Sounds like a very low chance we'd want to change the default down the road. Perhaps it is best to simply change the default.