Deprecated - Drupal core

I haven't tested this, perhaps I'm wrong since I'm still new to the Drupal code -- the other day I read the user registration function and I seem to remember it doesn't check if users can register or not without Admin approval. It just goes on and inserts the information received by $edit.

Would that be a possible flaw? I mean, a user might be able to POST with action="user/register" and get a user registered even if public user registration is disabled.

Is it possible to delete an account without blocking, saving, then deleting and confirming? It is not very convenient if a whole set of users have to be deleted. Otherwise, is it safe to simply delete users in a database manager (phpMyAdmin or the Drupal db manager) ?

Hey guys,
Just to let you know I added a page on how Drupal handles access and any input is welcome (as I am not an expert on this)
http://drupal.org/node/16541

Hello, I'm new to drupal and its taking me a while to get used to teh various options in the administration settings. On our website, we are going to have some database-driven content (such as text and links - both navigational and referential (in the pages themselves)) which are stored in an MySQL database. Is it possible to modify the information in a database using drupal? (ie. does it already have some functionality I can use to do this or can I extend it to do be albe to do this?)

RS

Is it possible to have users registration without asking for an e-mail? The user would be presented with two password fields, no e-mail requirement is necessary. Is there a patch or module for this?

Other than the project issue thread, is there any user/administrator handbook documentation for the upcoming multi-site configuration in 4.6 yet?

Brian.