I have two recommendations to improve your security, which is my biggest concern with Betcoin at the moment. First, when your code throws error messages, it shouldn't give random players information about what operating system you're using, your directory structure, your script names, and variable names, e.g.:
Secondly, when you have a system in place to verify e-mail authenticity, it is insanity to include a URL to the verification location in the same e-mail. This is just asking for someone to spoof your e-mails and training your users to blindly click on unverified e-mail links.
I also just noticed that the last three e-mails that you have sent me have
identical e-mail security code hashes. Why make it so easy for someone to circumvent your security system?
I am finding it increasingly difficult to take the rest of your site seriously when I see stuff like this after you have claimed to have hardened your security.
