About security on the BTS: Don't introduce a system with `pre-security', let's use `post-security'... what do I mean? The following: Make every action undoable and advertised, e.g.: if someone manipulates a bug in any way the maintainer gets an email. I think that that's how it's working now, so... don't touch it.. =)