I have a suggestion: Can there be a way to add some optional requirements/settings for the 'Withdraw to- Address Lock' and/or 'Internal Transfers'? Maybe options such as email confirmations, or some other verification (besides the PIN)?

My situation: I locked my withdraw address to an offline, paper address, thinking that I would probably reinvest most of my dividends and wouldn't need to withdraw anything for awhile. However I changed my mind, some other investments on other sites caught my eye, and I wanted to make a few purchases with earned dividends - though I didn't want to load and use the offline wallet yet.

Instead, I created another account and internally transferred my spare BTC to the new account. Within some odd minutes I had my coin off of btct.co.

I know there is already quite a bit of security in place, and that if an attacker had my PIN and 2FA then my email probably is compromised as well, though I still feel irksome that I was able to contradict an earlier decision of mine. Not that I'm asking you to save me from myself, not your job to watchdog the users and safeguard against self-sabotage. Though I can't see much downside if there were a few more options a user could place on his account, if implementation was easy and it didn't increase things too much on your end.

Could one have a time-specific withdraw lock (maybe a week or month, etc), delays or confirmations for internal transfers (or maybe securities only transfers), etc?

Regardless, love the site and the work you put into it is admirable. Thanks!