* If the username isn't displayed and allowed to be changed, we might
want to make sure we use the Horde supplied username instead of the
user provided username for security reasons

* There should be more error checking for various things, in particular
sanity checking of the form variables passed in.  This would include
making sure when we pass the username around in the form, we use
htmlspecialchars() on it, etc.

