There is a level of security that allows for the changing of list options
and doesn't require the password (at least for 1.8d.)

So for example, deleting and adding requires passwords, but not changing
options such as review, digest.  It *might* be possible for the user to
spoof your addy and effect a change that way.

I don't have the time to verify what settings do what at the moment, but
wiser heads here I'm sure will know the feasibility and necessary options to
prevent.

Randy