Part of the solution is requiring x:data forms for registration. Yes, as Matthias pointed out this will make life difficult for existing clients. So we need to define a transition strategy.
I think the transition is easy: provide a web-interface for registering accounts, such that people with clients that do not support the x:data in-band registration can still register through the web interface. cheers, Remko
