Oh, hey, I missed that you were the author of a NXT app. Sorry about that.

But now that I have your attention, would you consider two things:

1. Append a check digit to an account number.  It could be something as simple as adding up each individual numbers in an account and doing a MOD 10 on the result.  Doesn't really matter, but we need to have some sort of sanity check for the user.

2. Parse alias strings as JSON arrays.  There may be multiple pieces of data connected at once with one alias: a web page, an email address, an ICQ address, a NXT account number, a bitcoin account, etc.  

There needs to be a sanity check done by alias queries also, since there is a potential attack there.  For example:

Let's say a large NXT account holder is account number 12345.  Another account holder, 6789 let's say, could register the alias 12345 and have it point to his own account.  So now you have the alias nxt:12345 -> acct:6789@nxt

Clients that allow sending transactions to accounts found in aliases must not send to nxt:12345 as that'll go to an address the user may not have intended to send to.