Recently I changed my SDMB email address for reasons which are not relevant here. It occurs to me that someone with a malicious bent might take advantage of someone leaving themselves logged in. We all remember what happenned to Hal Briston, right? So my suggestion is that in addition to a confirmation email being sent to the new email address, a notification email, delayed by half an hour or so, should be sent to the old email address. Just in case.
[Hijack]
Um, I don’t. What happened? Did he leave his login ‘logged in’ and it got RL hijacked by a third party?
[/Hijack]
If so, this is why I always log out of the SDMB, lock my computer, clear my cookies, and delete my history every night. Then I take a shower, brush my teeth, and wipe everything for fingerprints, too. Oh, and I ‘duct tape mop’ every horizontal surface to pick up fallen strands of my hair.
Tripler
Can’t be too careful with that DNA, ya know.
That’s exactly what happened.
The poor lamb. 
LiveJournal does this - I think it’s a good idea.
There’s no need for this. Even if you are logged in, to change either your email address or your password in the User CP, you must still type in your current password in order to do it, or the board software rejects the changes. Unless you have it on a piece of paper taped to your monitor (bad idea), there’s no way a third party can change this information.
What he said.
Thanks.
TubaDiva