Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion "customer accounts. These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problem:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc .

    - on eligius, miner just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners