i wouldn't say it's a security risk as it isn't really a vector for acquiring another user's personally identifiable information, but it isn't really the best thing. if we were a larger site i'd be more concerned about it but it's something i keep an eye out for.

that said even if mods were prevented from editing others' posts i can still edit the database so there still needs to be some trust when using a site like this. not that i'd ever want to do that unless something was broken from a technical standpoint ew. i'm not interested in being a bad person. it is important to think about when you use sites run by someone who isn't you though (read: corporations).