When you run the upgrade_emails.pl tool to copy the email address from the user topic to the secret .htpasswd file, some user topics may have no email address at all.
In this case it is still possible to hijack an account. The script should insert a default admin address instead.
The real user can change this if he wants to. Reset password submissions will cause the email to be sent to the admin instead of the later added email address on the topic.
KJL
Script will ask for an admin e-mail address now.
SVN 8478.
--
SP
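An added example, not part of the original report and not the project's upgrade_emails.pl: a post-migration check that finds password-file entries left without an email address and fills in the admin address, as the report proposes. The `login:hash:email` line layout, the function name and the sample entries are assumptions made for this sketch.

```python
# Constructed sample entries; the login:hash:email layout is an assumption.
SAMPLE = "\n".join([
    "# constructed sample entries",
    "AliceExample:$apr1$placeholder1:alice@example.org",
    "BobExample:$apr1$placeholder2",          # no email field at all
    "CarolExample:$apr1$placeholder3:",       # empty email field
    "DaveExample:$apr1$placeholder4:   ",     # whitespace-only email field
]) + "\n"


def fill_missing_emails(text, admin_email):
    """Return (new_text, defaulted_logins) for a password file's contents.

    Entries with no email get admin_email, so a password reset for them
    goes to the admin rather than to an address added to the topic later.
    """
    if "@" not in admin_email or ":" in admin_email:
        raise ValueError("admin_email must be an address without ':'")
    out, defaulted = [], []
    for line in text.splitlines():
        stripped = line.strip()
        # Leave blank lines, comments and lines without a separator untouched.
        if not stripped or stripped.startswith("#") or ":" not in stripped:
            out.append(line)
            continue
        fields = stripped.split(":")
        login, pw_hash = fields[0], fields[1]
        email = fields[2].strip() if len(fields) > 2 else ""
        if not email:
            email = admin_email
            defaulted.append(login)
        # Keep any further fields exactly as they were.
        out.append(":".join([login, pw_hash, email] + fields[3:]))
    return "\n".join(out) + "\n", defaulted


if __name__ == "__main__":
    new_text, defaulted = fill_missing_emails(SAMPLE, "admin@example.org")
    print(new_text, end="")
    print("defaulted to admin address:", ", ".join(defaulted))
```

Running it a second time on its own output reports no defaulted logins, which makes it usable as a recurring audit.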