As an extra protection against any possible social engineering attacks, whenever^* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

^{* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.}