Allow a forum owner to set things so that moderators, super moderators and administrators must log in with with their email address as opposed to their forum username. As it stands, it's easy enough for anyone to come along and try hacking in. Even if they don't gain access to the account, a moderator, super moderator or administrator can technically be locked out of the forum if a persistant user is trying to gain access. OR if a script is used to continue login attempts every 15 minutes.

Since most moderators, super moderators and/or administrators keep their email addresses private, a would be hacker will have no way to even attempt logging in as the team member - let alone succeed in doing so...