On my set up
In the scenario where you have a customer who places order as a guest say using for example only, email address customer@guest.com.
If another totally different customer decides to register an account using the Register function on the front end and uses the same email address, they get access to the guest users history of orders, name and address.
The registered customer is sent a welcome email but they are able to log in to their account without validating the email address as being theirs. They can also reorder previous orders. This does open up a small but real possiblility of abuse.
Is there something I might have fogotten ot switch on or employed correctly here?
