Read-only field is not checked at server!

18 years 1 month ago #7898 by T.T.
The "User read only" field is completely useless, because there seem to be no server-side checks?

I want a disabled dropdown box with data to show up on my registration page (typically a user status). But with help from Firefox plugins, I can enable every disabled form field, and when I select another value, this value gets submitted and changed in the database. This can be a potential security risk if you assign more permissions to a user based on this value.

I will check the protectFields plugin now to see if this does server-side checks.


18 years 1 month ago #7900 by elesus
It does ;)

СB3РD


18 years 1 month ago #7902 by T.T.
Too bad, it seems that this plugin only checks data when it is edited in the profile, but NOT when the user registers. I have a default value that I show on the registration page. The user can still change this value on the registration page without any problems :( This means I probably have to start hacking again or try not to show the value at the registration page and hope it gets updated...
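
A sketch of the server-side check this thread is about, as an added example that is not part of the original posts and is not the code of the extension or plugin discussed. It routes both registration and profile edit through one function, so a read-only field keeps its server-side value on either path; the field names, the `pending` default and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Field:
    name: str
    read_only: bool = False  # user may see the value but never set it
    default: str = ""


# Constructed schema: "user_status" stands in for the disabled dropdown.
SCHEMA = [
    Field("username"),
    Field("email"),
    Field("user_status", read_only=True, default="pending"),
]


def apply_user_input(submitted, stored=None, schema=SCHEMA):
    """Build the record to save from a user-submitted form.

    stored is None on registration and the current row on profile edit.
    Returns (record, rejected), where rejected lists the submitted keys
    whose values were ignored (candidates for an audit log entry).
    """
    record, rejected = {}, []
    for f in schema:
        current = stored.get(f.name, f.default) if stored is not None else f.default
        if f.read_only:
            # The disabled attribute is only a browser hint: keep the
            # server-side value whatever the request contains.
            record[f.name] = current
            if f.name in submitted and submitted[f.name] != current:
                rejected.append(f.name)
        else:
            record[f.name] = submitted.get(f.name, current)
    # Keys that are not in the schema at all are dropped as well.
    rejected += sorted(set(submitted) - {f.name for f in schema})
    return record, rejected


def register(submitted):
    return apply_user_input(submitted, stored=None)


def edit_profile(stored, submitted):
    return apply_user_input(submitted, stored=stored)
```
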

