I have a low interactivity blog. I get less than one comment a week, and the vast majority of those are posted anonymously. That said, I get close to a user account application a day. From countries that do not correlate with my readership statistics. With email addresses that often look like keyboard mashing. I have the basic user profile (eg. none) so there is no Google juice to be had, no useful vanity side effects. Registered users don't have blog posting rights either, so since anonymous commenting is allowed, all they get is layout configurability and opting out of analytics tracking.

Usually, I approve the requests because I don't see the harm and I feel badly about profiling people based on their countries. But, is there harm to be done? Is there security loopholes or whatever that allows them to perform mischief to my systems or allow them to use my systems as a platform to cause mischief to others? Should I be more paranoid than I am about user account applications?