There is a level of security that allows for the changing of list options and doesn't require the password (at least for 1.8d.) So for example, deleting and adding requires passwords, but not changing options such as review, digest. It *might* be possible for the user to spoof your addy and effect a change that way. I don't have the time to verify what settings do what at the moment, but wiser heads here I'm sure will know the feasibility and necessary options to prevent. Randy