[support] user security issues?

[drupal at skate.org]

I have a low interactivity blog.  I get less than one comment a week,
and the vast majority of those are posted anonymously.  That said, I
get close to a user account application a day.  From countries that do
not correlate with my readership statistics.  With email addresses
that often look like keyboard mashing.  I have the basic user profile 
(eg. none) so there is no Google juice to be had, no useful vanity
side effects.  Registered users don't have blog posting rights either,
so since anonymous commenting is allowed, all they get is layout
configurability and opting out of analytics tracking. 

Usually, I approve the requests because I don't see the harm and I
feel badly about profiling people based on their countries.  But, is
there harm to be done?  Is there security loopholes or whatever that
allows them to perform mischief to my systems or allow them to use my
systems as a platform to cause mischief to others?  Should I be more
paranoid than I am about user account applications?
-- 
Carol Wang (wangc at skate.org)  ArghC Consulting  (http://www.arghc.com/)
http://www.chineseknotting.org/          The Chinese Knotting Home Page
http://www.knottynotions.com/		 A decorative knotting blog.