Recently my friend's bitcointalk account got hacked and unfortunatly for him he was not able to recover it, the hacker was able to change the email and password without being stopped due to the fact that bitcointalk system only sends you a notification mail to let you know that your informations were already changed, and the only way you can recover your account is by having a signed message which people only know about when it's too late, or by pming one of the administrators who have a busy schedule and probably won't reply to you even if you have a proof of ownership of the account.

What i'm suggesting here is to add another layer of security, so that when you want to change the email or the password, a verification mail would be sent to the current email and the owner would have the option to accept it or not and also know if he is being hacked.